From df31d6f5ec7aeabdccdf6a23eb946e9ce014832b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 3 Mar 2020 11:16:58 +0100 Subject: switch to next snapshot version --- eaaf_core/pom.xml | 2 +- eaaf_core_api/pom.xml | 2 +- eaaf_core_utils/pom.xml | 2 +- eaaf_modules/eaaf_module_auth_sl20/pom.xml | 2 +- eaaf_modules/eaaf_module_moa-sig/pom.xml | 2 +- eaaf_modules/eaaf_module_pvp2_core/pom.xml | 2 +- eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 2 +- eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 2 +- eaaf_modules/pom.xml | 2 +- pom.xml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml index bf6c5b47..f41463df 100644 --- a/eaaf_core/pom.xml +++ b/eaaf_core/pom.xml @@ -4,7 +4,7 @@ at.gv.egiz eaaf - 1.1.0 + 1.1.1-SNAPSHOT at.gv.egiz.eaaf diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml index fd23f1c8..7f688734 100644 --- a/eaaf_core_api/pom.xml +++ b/eaaf_core_api/pom.xml @@ -7,7 +7,7 @@ at.gv.egiz eaaf - 1.1.0 + 1.1.1-SNAPSHOT at.gv.egiz.eaaf eaaf_core_api diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index fa5fa412..1f5467ab 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -7,7 +7,7 @@ at.gv.egiz eaaf - 1.1.0 + 1.1.1-SNAPSHOT at.gv.egiz.eaaf eaaf_core_utils diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml index 81611aff..9b237b78 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml +++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml @@ -6,7 +6,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.0 + 1.1.1-SNAPSHOT eaaf_module_auth_sl20 Generic SL2.0 authentication diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml index 11b8cfd9..b9dd49f6 100644 --- a/eaaf_modules/eaaf_module_moa-sig/pom.xml +++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml @@ -5,7 +5,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.0 + 1.1.1-SNAPSHOT eaaf_module_moa-sig MOA-Sig signature verification module 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 31110bfd..32d66501 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -7,7 +7,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.0 + 1.1.1-SNAPSHOT eaaf_module_pvp2_core eaaf_module_pvp2_core diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml index ffda330d..cf833f67 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml @@ -5,7 +5,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.0 + 1.1.1-SNAPSHOT eaaf_module_pvp2_idp eaaf_module_pvp2_idp diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index 69eb26ab..b936f307 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml @@ -5,7 +5,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.0 + 1.1.1-SNAPSHOT eaaf_module_pvp2_sp eaaf_module_pvp2_sp diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml index 228a41cf..3addb4b5 100644 --- a/eaaf_modules/pom.xml +++ b/eaaf_modules/pom.xml @@ -4,7 +4,7 @@ at.gv.egiz eaaf - 1.1.0 + 1.1.1-SNAPSHOT at.gv.egiz.eaaf diff --git a/pom.xml b/pom.xml index 37e25f66..0ce897ec 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ 4.0.0 at.gv.egiz eaaf - 1.1.0 + 1.1.1-SNAPSHOT pom EGIZ EAAF components -- cgit v1.2.3 From 0ee672f95f27b26eddc127e6d358e1e6d462b020 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 4 Mar 2020 14:11:41 +0100 Subject: add "remoteHost" information into TransactionIdUtils rename MDC variables for Logging --- .../eaaf/core/impl/utils/TransactionIdUtils.java | 31 +++++++++++++++++++--- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 4cbcfa70..5a26eea3 100644 
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -29,21 +29,25 @@ import at.gv.egiz.eaaf.core.api.IRequest; */ public class TransactionIdUtils { - // MDC variables for logging /** * To correlate technical logs over one single transactions. */ - public static final String MDC_TRANSACTION_ID = "transactionId"; + public static final String MDC_TRANSACTION_ID = "transactionid"; /** * To correlate technical logs over a set of transactions, like SSO. */ - public static final String MDC_SESSION_ID = "sessionId"; + public static final String MDC_SESSION_ID = "sessionid"; /** * Unique application identifier that is processed in this transaction. */ - public static final String MDC_SERVICEPROVIDER_ID = "oaId"; + public static final String MDC_SERVICEPROVIDER_ID = "oaid"; + + /** + * Unique application identifier that is processed in this transaction. + */ + public static final String MDC_REMOTEHOST = "remoteHost"; /** * Set all MDC variables from pending request to this threat context.
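Review bot: The Javadoc added for `MDC_REMOTEHOST` is a verbatim copy of the `MDC_SERVICEPROVIDER_ID` comment ("Unique application identifier that is processed in this transaction.") and does not describe the constant; replace it with `/** Remote host (IP address) of the current request, to correlate technical logs with the client connection. */`. The same wrong text is still present as context in the later `@@ -32,17 +34,17 @@` hunk of this file (commit 56f6da93), so it should be fixed there as well. The three MDC key strings are presumably referenced from log-pattern configuration (`%X{transactionId}` and friends), so renaming them to lowercase here and back to camelCase in the later commit silently changes what existing log configurations see; whichever spelling is kept, a comment on the constants should state that they are part of the logging contract.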
@@ -67,6 +71,7 @@ public class TransactionIdUtils { removeSessionId(); removeTransactionId(); removeServiceProviderId(); + removeRemoteHost(); } @@ -135,5 +140,23 @@ public class TransactionIdUtils { } + /** + * Set remoteHost information to correlate technical logs. + * + * @param remoteHost IP address of the remote host + */ + public static void setRemoteHost(final String remoteHost) { + org.slf4j.MDC.put(MDC_REMOTEHOST, remoteHost); + + } + + /** + * Remove remoteHost for Logging. + */ + public static void removeRemoteHost() { + org.slf4j.MDC.remove(MDC_REMOTEHOST); + + } + } -- cgit v1.2.3 From d08a5df42ece34b58109d4cea3b88ca52e4bdb45 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Mar 2020 13:55:12 +0100 Subject: move attribute definition for mandateId into another class --- .../egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java | 3 +++ .../at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java | 7 +------ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java index b6f602d2..727c360c 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java @@ -49,4 +49,7 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate"; String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate"; + String EID_MIS_MANDATE_IDENTIFIER_NAME = "urn:eidgvat:attributes.mis.mandate.id"; + String EID_MIS_MANDATE_IDENTIFIER_FRIENDLY_NAME = "mandate-identifier"; + } 
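Review bot: `setRemoteHost` in the `@@ -135,5 +140,23 @@` hunk documents its parameter as "IP address of the remote host" but writes whatever string it receives straight into the MDC, from where it is copied into every log line of the thread. If any caller derives the value from a client-controlled request header rather than from the socket peer address (not visible here), arbitrary text would end up in the logs, so the contract should be explicit: `@param remoteHost IP address of the remote host; must be the socket peer address or an already validated IP, never a raw request-header value`. Alternatively validate the argument once here and log a warning when it is not a well-formed IP literal. The enclosing class `TransactionIdUtils` starts and ends outside the hunk.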
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java index 2a9a8317..793715f1 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java @@ -137,7 +137,7 @@ public interface PvpAttributeDefinitions { IDENTITY("http://eid.gv.at/eID/status/identity"), TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"), SYSTEM("http://eid.gv.at/eID/status/system"); - private String uri; + private final String uri; EidIdentityStatusLevelValues(final String uri) { this.uri = uri; @@ -311,11 +311,6 @@ public interface PvpAttributeDefinitions { String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE"; int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100; - String MANDATE_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.91"; - String MANDATE_IDENTIFIER_FRIENDLY_NAME = "MANDATE-IDENTIFIER"; - String MANDATE_IDENTIFIER_NAME = URN_OID_PREFIX + MANDATE_IDENTIFIER_OID; - int MANDATE_IDENTIFIER_MAX_LENGTH = 256; - @Deprecated String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; @Deprecated -- cgit v1.2.3 From 90705b721d49c61e6d7a698fd66aa951470e9dc0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Mar 2020 13:56:48 +0100 Subject: Change internal representation of IssuerInstant from String to Date --- .../eaaf/core/impl/idp/AuthenticationData.java | 3 +- .../impl/idp/auth/data/AuthProcessDataWrapper.java | 85 +++++++++++++++++----- .../idp/auth/data/IAuthProcessDataContainer.java | 15 +++- 3 files changed, 80 insertions(+), 23 deletions(-) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java index a6fe5ff0..7b7aaa36 100644 
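Review bot: The `@@ -311,11 +311,6 @@` hunk deletes four public constants (`MANDATE_IDENTIFIER_OID`, `MANDATE_IDENTIFIER_FRIENDLY_NAME`, `MANDATE_IDENTIFIER_NAME`, `MANDATE_IDENTIFIER_MAX_LENGTH`) from a public API interface without a deprecation cycle, and the replacements added to `ExtendedPvpAttributeDefinitions` carry a different attribute name (`urn:eidgvat:attributes.mis.mandate.id` instead of `URN_OID_PREFIX + "1.2.40.0.10.2.1.1.261.91"`), so this is a rename of the attribute rather than the move the commit subject describes. Any module compiled against 1.1.0 that references these constants will fail to link, and any peer that still expects the OID-based attribute name will no longer match. Consider keeping the old constants annotated `@Deprecated`, as the neighbouring `MANDATE_FULL_MANDATE_*` constants already are, and stating the attribute-name change in the commit message. The `EidIdentityStatusLevelValues` enum touched by the first hunk starts and ends outside the hunk.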
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java @@ -48,6 +48,7 @@ public class AuthenticationData implements IAuthData, Serializable { private static final long serialVersionUID = -1042697056735596866L; public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + public static final String ISSUE_INSTANT_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; private boolean isBaseIdTransferRestrication = true; private final Map genericDataStorate = new HashedMap<>(); @@ -112,7 +113,7 @@ public class AuthenticationData implements IAuthData, Serializable { @Override public String getAuthenticationIssueInstantString() { - final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + final SimpleDateFormat f = new SimpleDateFormat(ISSUE_INSTANT_DATE_FORMAT); f.setTimeZone(TimeZone.getTimeZone("UTC")); return f.format(this.issueInstant); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java index 988a78b6..30144546 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -19,12 +19,15 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.data; +import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.TimeZone; +import javax.annotation.Nullable; + import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; 
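Review bot: `ISSUE_INSTANT_DATE_FORMAT` introduced in the `@@ -48,6 +48,7 @@` hunk is a second copy of the pattern that the same commit adds to `AuthProcessDataWrapper` as `PATTERN_ISSUE_INSTANT`, and two copies of a wire-format literal will drift apart. Since both classes live in the `eaaf_core` module, one should reference the other, e.g. `public static final String ISSUE_INSTANT_DATE_FORMAT = AuthProcessDataWrapper.PATTERN_ISSUE_INSTANT;`, or the pattern should move to a shared constants class. `getAuthenticationIssueInstantString` in the second hunk continues outside the hunk.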
@@ -39,6 +42,8 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EaafAuthProcessDataConstants { private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class); + public final static String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; + protected Map authProcessData; public AuthProcessDataWrapper(final Map authProcessData) { @@ -46,6 +51,11 @@ public class AuthProcessDataWrapper } + @Override + public Date getIssueInstant() { + return wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class); + } + /* * (non-Javadoc) * @@ -53,8 +63,9 @@ public class AuthProcessDataWrapper * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() */ @Override - public String getIssueInstant() { - return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class); + public String getIssueInstantString() { + return buildDateTimeUtcString( + wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class)); } /* @@ -66,7 +77,8 @@ public class AuthProcessDataWrapper */ @Override public void setIssueInstant(final String issueInstant) { - authProcessData.put(VALUE_ISSUEINSTANT, issueInstant); + authProcessData.put(VALUE_ISSUEINSTANT, + buildDateTimeUtcDate(issueInstant)); } @@ -79,7 +91,7 @@ public class AuthProcessDataWrapper */ @Override public void setIssueInstant(final Date issueInstant) { - authProcessData.put(VALUE_ISSUEINSTANT, buildDateTimeUtc(issueInstant)); + authProcessData.put(VALUE_ISSUEINSTANT, issueInstant); } @@ -91,7 +103,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isAuthenticated() { - return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); + return wrapStoredObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); } @@ -116,7 +128,7 @@ public class AuthProcessDataWrapper */ @Override public IIdentityLink getIdentityLink() { - return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); + return wrapStoredObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); } 
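Review bot: `setIssueInstant(String)` in the `@@ -66,7 +77,8 @@` hunk now stores `null` whenever `buildDateTimeUtcDate` cannot parse its input, so a malformed issue instant silently erases the stored value instead of being rejected; the caller should be told, e.g. `final Date parsed = buildDateTimeUtcDate(issueInstant);` followed by `if (issueInstant != null && parsed == null) { throw new IllegalArgumentException("issueInstant has invalid format: " + issueInstant); }` before the `put`. The "(non-Javadoc)" block that used to sit above `getIssueInstant()` now documents `getIssueInstantString()` while the new `getIssueInstant()` in the `@@ -46,6 +51,11 @@` hunk has no Javadoc at all. The value stored under `VALUE_ISSUEINSTANT` changes type from `String` to `Date`; if the `authProcessData` map is ever persisted across deployments, sessions written before this change would presumably fail the `Date.class` lookup in `wrapStoredObject` — worth confirming. Minor: `public final static` should be `public static final`.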
@@ -141,7 +153,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isMandateUsed() { - return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class); + return wrapStoredObject(FLAG_USE_MANDATE, false, Boolean.class); } /* @@ -164,7 +176,7 @@ public class AuthProcessDataWrapper */ @Override public String getQaaLevel() { - return wrapStringObject(VALUE_QAALEVEL, null, String.class); + return wrapStoredObject(VALUE_QAALEVEL, null, String.class); } /* @@ -187,7 +199,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isForeigner() { - return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class); + return wrapStoredObject(FLAG_IS_FOREIGNER, false, Boolean.class); } /* @@ -209,7 +221,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isOW() { - return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class); + return wrapStoredObject(FLAG_IS_ORGANWALTER, false, Boolean.class); } /* @@ -225,7 +237,7 @@ public class AuthProcessDataWrapper @Override public boolean isEidProcess() { - return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class); + return wrapStoredObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class); } @Override @@ -242,7 +254,7 @@ public class AuthProcessDataWrapper */ @Override public Date getSessionCreated() { - return wrapStringObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class); + return wrapStoredObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class); } /* @@ -283,7 +295,7 @@ public class AuthProcessDataWrapper */ @Override public T getGenericDataFromSession(final String key, final Class clazz) { - return wrapStringObject(GENERIC_PREFIX + key, null, clazz); + return wrapStoredObject(GENERIC_PREFIX + key, null, clazz); } /* 
@@ -299,7 +311,7 @@ public class AuthProcessDataWrapper } - protected T wrapStringObject(final String key, final Object defaultValue, + protected T wrapStoredObject(final String key, final Object defaultValue, final Class clazz) { if (StringUtils.isNotEmpty(key)) { final Object obj = authProcessData.get(key); @@ -322,16 +334,49 @@ public class AuthProcessDataWrapper } /** - * Builds a dateTime value in UTC from a Calendar value. + * Builds a {@link String} dateTime value in UTC from a {@link Date} value. * - * @param date the Calendar value - * @return the dateTime value + * @param date the {@link Date} that should be transformed + * @return The {@link String} representation of the date in + * yyyy-MM-dd'T'HH:mm:ss'Z', or null if {@link Date} was null */ - public static String buildDateTimeUtc(final Date date) { + @Nullable + public static String buildDateTimeUtcString(@Nullable final Date date) { + if (date == null) { + return null; - final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); - f.setTimeZone(TimeZone.getTimeZone("UTC")); + } + final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT); + f.setTimeZone(TimeZone.getTimeZone("UTC")); return f.format(date.getTime()); + } + + /** + * Builds a {@link String} dateTime value in UTC from a {@link Date} value. + * + * @param date the {@link String} in yyyy-MM-dd'T'HH:mm:ss'Z' + * format that should be transformed + * @return The {@link Date} representation of the date, otherwise null + * if input parameter was null or invalid + */ + @Nullable + public static Date buildDateTimeUtcDate(@Nullable final String date) { + final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT); + try { + if (date != null) { + return f.parse(date); + + } + + } catch (final ParseException e) { + log.error("Can NOT parse Date from String: {}", date, null, e); + + } + + return null; + + } + } 
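Review bot: `buildDateTimeUtcDate` parses with a `SimpleDateFormat` whose time zone is never set, so the literal `'Z'` in the pattern is matched as text and the fields are interpreted in the JVM default zone; a round trip through `buildDateTimeUtcString` and `buildDateTimeUtcDate` therefore shifts the instant by the local UTC offset on any non-UTC host. Add `f.setTimeZone(TimeZone.getTimeZone("UTC"));` before the parse, and `f.setLenient(false);` so out-of-range fields are rejected rather than rolled over. The log call passes a stray argument: `log.error("Can NOT parse Date from String: {}", date, null, e)` should be `log.error("Can NOT parse Date from String: {}", date, e);`. The Javadoc of `buildDateTimeUtcDate` is copied from the String builder and should read "Parses a {@link Date} from a UTC dateTime {@link String} in yyyy-MM-dd'T'HH:mm:ss'Z' format".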
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java index 6c7292ac..bb1a28bf 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java @@ -31,12 +31,23 @@ public interface IAuthProcessDataContainer { * * @return The issuing time of the AUTH-Block SAML assertion. */ - String getIssueInstant(); + Date getIssueInstant(); + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + *

{@link String} representation uses pattern: + * yyyy-MM-dd'T'HH:mm:ss'Z'

+ * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstantString(); /** * Sets the issuing time of the AUTH-Block SAML assertion. * - * @param issueInstant The issueInstant to set. + * @param issueInstant The issueInstant with pattern: + * yyyy-MM-dd'T'HH:mm:ss'Z' to set. */ void setIssueInstant(String issueInstant); -- cgit v1.2.3 From 56f6da9375ca0467d0087893516325c0f5608ea6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Mar 2020 13:58:02 +0100 Subject: rename MDC variables for Session- and TransactionIds --- .../eaaf/core/impl/utils/TransactionIdUtils.java | 24 +++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 5a26eea3..4c1601c0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -19,6 +19,8 @@ package at.gv.egiz.eaaf.core.impl.utils; +import java.util.UUID; + import at.gv.egiz.eaaf.core.api.IRequest; /** @@ -32,17 +34,17 @@ public class TransactionIdUtils { /** * To correlate technical logs over one single transactions. */ - public static final String MDC_TRANSACTION_ID = "transactionid"; + public static final String MDC_TRANSACTION_ID = "transactionId"; /** * To correlate technical logs over a set of transactions, like SSO. */ - public static final String MDC_SESSION_ID = "sessionid"; + public static final String MDC_SESSION_ID = "sessionId"; /** * Unique application identifier that is processed in this transaction. */ - public static final String MDC_SERVICEPROVIDER_ID = "oaid"; + public static final String MDC_SERVICEPROVIDER_ID = "oaId"; /** * Unique application identifier that is processed in this transaction. 
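Review bot: The `@return` of `getIssueInstant()` in the `IAuthProcessDataContainer` hunk does not say that the value may be absent, although the implementation in `AuthProcessDataWrapper` returns `null` when nothing is stored; `@return The issuing time of the AUTH-Block SAML assertion, or {@code null} if not set.` The same applies to `getIssueInstantString()`. Because `java.util.Date` is mutable, the Javadoc should also state whether callers may modify the returned instance.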
@@ -103,6 +105,14 @@ public class TransactionIdUtils { } + /** + * Set new random transactionId as an UUID. + */ + public static void setTransactionId() { + org.slf4j.MDC.put(MDC_TRANSACTION_ID, UUID.randomUUID().toString()); + + } + /** * Set Id to correlate technical logs over one single transactions. * @@ -121,6 +131,14 @@ public class TransactionIdUtils { } + /** + * Set a new random SessionId as UUID. + */ + public static void setSessionId() { + org.slf4j.MDC.put(MDC_SESSION_ID, UUID.randomUUID().toString()); + + } + /** * Set Id to correlate technical logs over a set of transactions, like SSO. * -- cgit v1.2.3 From 19bc544de503af5992d045a699a1f2bcc1eaf505 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Mar 2020 13:58:43 +0100 Subject: inject X509 certificates into JOSE signature-verification response if available --- .../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 1b1f090f..ccb650b3 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -230,7 +230,7 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature()); + return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature()); } -- cgit v1.2.3 From f95a1fb3982395ccbc7e139cb5bd8a1c106bbb48 Mon Sep 17 00:00:00 2001 
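Review bot: The `JsonSecurityUtils` hunk now hands `x5cCerts` to callers through `VerificationResult`, but where these certificates come from is outside the hunk; if, as the name suggests, they are read from the JWS `x5c` header, they are sender-supplied metadata and are only meaningful to consumers if the key selection that produced `selectedKey` already validated that chain against the configured trust store. That precondition should be stated at the call site: `// x5cCerts are taken from the JWS header; callers may rely on them only because selectedKey was chosen after chain validation`. If no such validation happens above, the result should carry the certificates flagged as unvalidated or not at all. The enclosing verification method starts outside the hunk.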
From: Thomas Lenz Date: Wed, 11 Mar 2020 12:46:45 +0100 Subject: refactor HttpClientFactory.java to build HTTP clients with different authentication mechanisms --- .../services/ProtocolAuthenticationService.java | 2 +- .../impl/idp/controller/protocols/RequestImpl.java | 2 +- .../core/impl/idp/auth/DummyHttpClientFactory.java | 12 +- eaaf_core_utils/pom.xml | 10 + .../impl/http/EaafSslKeySelectionStrategy.java | 50 +++ .../core/impl/http/HttpClientConfiguration.java | 191 +++++++++++ .../eaaf/core/impl/http/HttpClientFactory.java | 360 ++++++++++++++++++++ .../at/gv/egiz/eaaf/core/impl/http/HttpUtils.java | 194 +++++++++++ .../eaaf/core/impl/http/IHttpClientFactory.java | 43 +++ .../eaaf/core/impl/utils/HttpClientFactory.java | 370 --------------------- .../at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java | 118 ------- .../eaaf/core/impl/utils/IHttpClientFactory.java | 24 -- .../messages/eaaf_utils_message.properties | 5 +- .../src/main/resources/spring/eaaf_utils.beans.xml | 4 +- .../eaaf/core/test/http/HttpClientFactoryTest.java | 328 ++++++++++++++++++ .../tasks/AbstractCreateQualEidRequestTask.java | 2 +- .../modules/pvp2/test/binding/PostBindingTest.java | 2 +- .../pvp2/test/binding/RedirectBindingTest.java | 2 +- .../pvp2/test/dummy/DummyMetadataProvider.java | 2 +- .../pvp2/test/metadata/ChainingMetadataTest.java | 2 +- .../pvp2/test/metadata/MetadataResolverTest.java | 2 +- .../test/resources/spring/test_eaaf_core.beans.xml | 2 +- pom.xml | 8 +- 23 files changed, 1208 insertions(+), 527 deletions(-) create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java create mode 100644 
eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java delete mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java delete mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java delete mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 817c7aa2..4c82adac 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -70,8 +70,8 @@ import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; -import at.gv.egiz.eaaf.core.impl.utils.HttpUtils; @Service public class ProtocolAuthenticationService implements IProtocolAuthenticationService { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java index adc8774a..f4494106 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java 
@@ -40,8 +40,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.utils.HttpUtils; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; import org.apache.commons.lang3.StringUtils; diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java index 9a924f83..6aea52ac 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java @@ -1,8 +1,10 @@ package at.gv.egiz.eaaf.core.impl.idp.auth; -import org.apache.http.impl.client.CloseableHttpClient; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; +import org.apache.http.impl.client.CloseableHttpClient; public class DummyHttpClientFactory implements IHttpClientFactory { @@ -18,4 +20,10 @@ public class DummyHttpClientFactory implements IHttpClientFactory { return null; } + @Override + public CloseableHttpClient getHttpClient(HttpClientConfiguration config) throws EaafException { + // TODO Auto-generated method stub + return null; + } + } diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index 1f5467ab..681152f7 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -100,6 +100,16 @@ guava test + + com.squareup.okhttp3 + mockwebserver + test + + + com.squareup.okhttp3 + okhttp-tls + test + 
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java new file mode 100644 index 00000000..1e1e2137 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java @@ -0,0 +1,50 @@ +package at.gv.egiz.eaaf.core.impl.http; + +import java.net.Socket; +import java.util.Map; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.ssl.PrivateKeyDetails; +import org.apache.http.ssl.PrivateKeyStrategy; + +import lombok.extern.slf4j.Slf4j; + +/** + * Private Key selection implementation for Apache HTTP clients. + * + * @author tlenz + * + */ +@Slf4j +public class EaafSslKeySelectionStrategy implements PrivateKeyStrategy { + + private final String keyAlias; + + /** + * Private Key selection implementation for Apache HTTP clients. + * + * @param alias Alias of the Key that should be used for SSL client authentication. + */ + public EaafSslKeySelectionStrategy(String alias) { + this.keyAlias = alias; + + } + + @Override + public String chooseAlias(Map aliases, Socket socket) { + log.trace("Selection SSL client-auth key for alias: {}", keyAlias); + final PrivateKeyDetails selected = aliases.get(keyAlias); + if (selected != null) { + log.trace("Select SL client-auth key with type:", selected.getType()); + return keyAlias; + + } else { + log.warn("KeyStore contains NO key with alias: {}. Using first key from keystore", keyAlias); + log.info("Available aliases: {}", StringUtils.join(aliases.keySet(), ", ")); + return aliases.keySet().iterator().next(); + + } + + } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java new file mode 100644 index 00000000..582ad545 --- /dev/null 
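Review bot: The fallback branch of `chooseAlias` picks the first key of the keystore when the configured alias is missing, so a typo in `client.auth.ssl.keystore` configuration makes the client authenticate with an unintended identity, and on an empty keystore `aliases.keySet().iterator().next()` throws `NoSuchElementException`; a misconfigured alias should fail closed, e.g. `log.error("KeyStore contains NO key with alias: {}. Available aliases: {}", keyAlias, StringUtils.join(aliases.keySet(), ", "));` followed by `return null;`, which leaves the key manager without a client alias so the handshake fails visibly. The trace message `log.trace("Select SL client-auth key with type:", selected.getType())` has no `{}` placeholder, so the type is never logged; `log.trace("Select SSL client-auth key with type: {}", selected.getType());`. The constructor parameter `alias` could be `final` like the rest of the code base.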
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java @@ -0,0 +1,191 @@ +package at.gv.egiz.eaaf.core.impl.http; + +import java.text.MessageFormat; +import java.util.UUID; + +import javax.annotation.Nonnull; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; + +import org.apache.commons.lang3.StringUtils; + +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Getter +public class HttpClientConfiguration { + + private static final String MSG_KEYSTORE_NAME = "KeyStore for httpClient: {0}"; + + private static final String ERROR_00 = "internal.httpclient.00"; + private static final String ERROR_01 = "internal.httpclient.01"; + private static final String ERROR_02 = "internal.httpclient.02"; + + @Nonnull + private final String friendlyName; + + @Nonnull + private final String uuid; + + @Nonnull + private ClientAuthMode authMode = ClientAuthMode.NONE; + + @Setter + private String username; + + @Setter + private String password; + + @Setter + boolean disableHostnameValidation = false; + + @Setter + boolean disableTlsHostCertificateValidation = false; + + + private KeyStoreConfiguration keyStoreConfig; + + @Setter + private String sslKeyAlias; + + @Setter + private String sslKeyPassword; + + @Setter + private boolean followHttpRedirects = true; + + /** + * Get a new HTTP-client configuration object. + * + * @param name FriendlyName of this http client for logging purposes. + */ + public HttpClientConfiguration(String name) { + this.friendlyName = name; + this.uuid = UUID.randomUUID().toString(); + + } + + /** + * Set Client authentication-mode from configuration property. + * + *

If the mode is unknown than the {@link ClientAuthMode} is set to NONE

+ * + * @param authModeString Modes from {@link ClientAuthMode} + */ + public void setAuthMode(String authModeString) { + final ClientAuthMode configAuthMode = HttpClientConfiguration.ClientAuthMode.fromString(authModeString); + if (configAuthMode != null) { + authMode = configAuthMode; + + } else { + log.warn("Can Not parse ClientAuthMode for client: {}! Set mode to default value", + friendlyName); + + } + } + + + /** + * Validate the internal state of this configuration object. + * + * @throws EaafConfigurationException In case of a configuration error + */ + public void validate() throws EaafConfigurationException { + log.trace("Validating http-client: {}", this.friendlyName); + if (this.authMode.equals(ClientAuthMode.PASSWORD)) { + if (StringUtils.isEmpty(this.username)) { + throw new EaafConfigurationException(ERROR_00, new Object[] {this.friendlyName}); + + } + + if (StringUtils.isEmpty(this.password)) { + log.warn("Http basic authentication was activated but NOT username was set!"); + + } + + } else if (this.authMode.equals(ClientAuthMode.SSL)) { + if (this.keyStoreConfig == null) { + throw new EaafConfigurationException(ERROR_01, new Object[] {this.friendlyName}); + + } else { + log.trace("Validating KeyStore: {} for http-client: {} ...", + this.keyStoreConfig.getFriendlyName(), this.friendlyName); + this.keyStoreConfig.validate(); + + } + + if (StringUtils.isEmpty(this.sslKeyPassword)) { + throw new EaafConfigurationException(ERROR_02, new Object[] { + this.friendlyName, this.keyStoreConfig.getFriendlyName()}); + + } + } + + } + + /** + * Build a {@link KeyStoreConfiguration} object from configuration parameters. 
+ * + * @param keyStoreType String based KeyStore type + * @param keyStorePath Path to KeyStore in case of a software based KeyStore + * @param keyStorePassword Password in case of a software based KeyStore + * @param keyStoreName Name of the KeyStore in case of a named KeyStore like HSM-Facade + * @throws EaafConfigurationException In case of a configuration error + */ + public void buildKeyStoreConfig(String keyStoreType, String keyStorePath, + String keyStorePassword, String keyStoreName) throws EaafConfigurationException { + final KeyStoreConfiguration config = new KeyStoreConfiguration(); + config.setKeyStoreType(keyStoreType); + config.setFriendlyName(MessageFormat.format(MSG_KEYSTORE_NAME, friendlyName)); + config.setSoftKeyStoreFilePath(keyStorePath); + config.setSoftKeyStorePassword(keyStorePassword); + config.setKeyStoreName(keyStoreName); + this.keyStoreConfig = config; + + } + + public enum ClientAuthMode { + NONE("none"), PASSWORD("password"), SSL("ssl"); + + private final String mode; + + ClientAuthMode(final String mode) { + this.mode = mode; + } + + /** + * Get the PVP mode. + * + * @return + */ + public String getMode() { + return this.mode; + } + + /** + * Get http-client authentication mode from String representation. + * + * @param s Config parameter + * @return + */ + public static ClientAuthMode fromString(final String s) { + try { + return ClientAuthMode.valueOf(s.toUpperCase()); + + } catch (IllegalArgumentException | NullPointerException e) { + return null; + } + } + + @Override + public String toString() { + return getMode(); + + } + + } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java new file mode 100644 index 00000000..b6e660da --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java 
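Review bot: `disableHostnameValidation` and `disableTlsHostCertificateValidation` can switch off TLS verification for a client, yet `validate()` never records that, so a production deployment with verification disabled leaves no trace in the logs; add to `validate()`: `if (disableTlsHostCertificateValidation || disableHostnameValidation) { log.warn("TLS certificate or hostname validation is DISABLED for http-client: {}", friendlyName); }`. In the PASSWORD branch the message for an empty password says "NOT username was set" and should say password. In the SSL branch `sslKeyPassword` is required but `sslKeyAlias` is never checked, although `EaafSslKeySelectionStrategy` depends on it. The two boolean fields lack the `private` modifier the other fields have, `fromString` uses a caught `NullPointerException` as a null check (`if (s == null) { return null; }` is clearer), and the enum's "Get the PVP mode." Javadoc with empty `@return` tags looks copied from elsewhere.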
@@ -0,0 +1,360 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpResponse;
+import org.apache.http.ProtocolException;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.RedirectStrategy;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import 
org.apache.http.protocol.HttpContext; +import org.springframework.beans.factory.annotation.Autowired; + +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class HttpClientFactory implements IHttpClientFactory { + + @Autowired + private IConfiguration basicConfig; + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + + private static final String ERROR_03 = "internal.httpclient.03"; + + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = + "client.http.connection.pool.use"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = + "client.http.connection.pool.maxtotal"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = + "client.http.connection.pool.maxperroute"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = + "client.http.connection.timeout.socket"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = + "client.http.connection.timeout.connection"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = + "client.http.connection.timeout.request"; + public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL = + "client.http.ssl.hostnameverifier.trustall"; + + public static final String PROP_CONFIG_CLIENT_MODE = "client.authmode"; + public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME = "client.auth.http.username"; + public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD = "client.auth.http.password"; + public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH = + "client.auth.ssl.keystore.path"; + public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD = + "client.auth.ssl.keystore.password"; + private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME = + "client.auth.ssl.keystore.name"; + public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE = + "client.auth.ssl.keystore.type"; + public static 
final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = + "client.auth.ssl.key.alias"; + public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = + "client.auth.ssl.key.password"; + + // default configuration values + public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15"; + public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = "15"; + public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "30"; + public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500"; + public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100"; + + private String defaultConfigurationId = null; + private final Map availableBuilders = new HashMap<>(); + + /* + * (non-Javadoc) + * + * @see at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory#getHttpClient() + */ + @Override + public CloseableHttpClient getHttpClient() { + return getHttpClient(true); + + } + + @Override + public CloseableHttpClient getHttpClient(final boolean followRedirects) { + return availableBuilders.get(defaultConfigurationId).setRedirectStrategy( + buildRedirectStrategy(followRedirects)).build(); + + } + + @Override + public CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config) throws EaafException { + log.trace("Build http client for: {}", config.getFriendlyName()); + HttpClientBuilder builder = null; + if (availableBuilders.containsKey(config.getUuid())) { + builder = availableBuilders.get(config.getUuid()); + + } else { + log.debug("Initialize new http-client builder for: {}", config.getFriendlyName()); + + //validate configuration object + config.validate(); + + builder = HttpClients.custom(); + builder.setDefaultRequestConfig(buildDefaultRequestConfig()); + + //inject basic authentication infos + injectBasicAuthenticationIfRequired(builder, config); + + //inject authentication if required + final LayeredConnectionSocketFactory 
sslConnectionFactory = getSslContext(config); + + // set pool connection if required + injectDefaultConnectionPoolIfRequired(builder, sslConnectionFactory); + + availableBuilders.put(config.getUuid(), builder); + + } + + return builder.setRedirectStrategy( + buildRedirectStrategy(config.isFollowHttpRedirects())).build(); + + } + + @PostConstruct + private void initalize() throws EaafException { + final HttpClientConfiguration defaultHttpClientConfig = buildDefaultHttpClientConfiguration(); + + // initialize http client + log.trace("Initializing default HTTP-Client builder ... "); + final HttpClientBuilder defaultHttpClientBuilder = HttpClients.custom(); + + // set default request configuration + defaultHttpClientBuilder.setDefaultRequestConfig(buildDefaultRequestConfig()); + + //inject http basic authentication + injectBasicAuthenticationIfRequired(defaultHttpClientBuilder, defaultHttpClientConfig); + + // inject authentication if required + final LayeredConnectionSocketFactory sslConnectionFactory = + getSslContext(defaultHttpClientConfig); + + // set pool connection if required + injectDefaultConnectionPoolIfRequired(defaultHttpClientBuilder, sslConnectionFactory); + + //set default http client builder + defaultConfigurationId = defaultHttpClientConfig.getUuid(); + availableBuilders.put(defaultConfigurationId, defaultHttpClientBuilder); + + } + + private HttpClientConfiguration buildDefaultHttpClientConfiguration() throws EaafConfigurationException { + final HttpClientConfiguration config = new HttpClientConfiguration("Default"); + + // inject basic http authentication if required + config.setAuthMode(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, + HttpClientConfiguration.ClientAuthMode.NONE.getMode())); + log.info("Default client authentication-mode is set to: {}", config.getAuthMode()); + + // set Username and Password if available + config.setUsername(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME)); + 
config.setPassword(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD)); + + // set SSL Client auth. informations if available + config.buildKeyStoreConfig( + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()), + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY), + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY), + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY)); + + config.setSslKeyAlias( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS)); + config.setSslKeyPassword( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD)); + + config.setDisableHostnameValidation(basicConfig.getBasicConfigurationBoolean( + PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)); + + // validate configuration object + config.validate(); + + return config; + } + + private void injectBasicAuthenticationIfRequired(HttpClientBuilder builder, + final HttpClientConfiguration httpClientConfig) { + if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.PASSWORD)) { + final CredentialsProvider provider = new BasicCredentialsProvider(); + log.trace("Injecting basic authentication with username: {} and password: {}", + httpClientConfig.getUsername(), httpClientConfig.getPassword()); + final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials( + httpClientConfig.getUsername(), httpClientConfig.getPassword()); + + final AuthScope scope = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM); + provider.setCredentials(scope, credentials); + builder.setDefaultCredentialsProvider(provider); + log.info("Basic http authentication was injected with username: {}", + httpClientConfig.getUsername()); + + } else { + log.trace("Injection of Http 
Basic authentication was skipped"); + + } + + } + + @Nonnull + private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig) + throws EaafException { + SSLContext sslContext = null; + try { + if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) { + log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType()); + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig()) + .getFirst(); + + log.trace("Injecting SSL client-authentication into http client ... "); + sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore, + httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(), + httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName()); + + } else { + log.trace("Initializing default SSL Context ... "); + sslContext = SSLContext.getDefault(); + + } + + // set hostname verifier + HostnameVerifier hostnameVerifier = null; + if (httpClientConfig.isDisableHostnameValidation()) { + hostnameVerifier = new NoopHostnameVerifier(); + log.warn("HTTP client-builder deactivates SSL Host-name verification!"); + + } + + final LayeredConnectionSocketFactory sslSocketFactory = + new SSLConnectionSocketFactory(sslContext, hostnameVerifier); + log.debug("HTTP client-builder successfuly initialized"); + return sslSocketFactory; + + } catch (final NoSuchAlgorithmException e) { + log.warn("HTTP client-builder can NOT initialze SSL-Context", e); + throw new EaafFactoryException(ERROR_03, new Object[] { + httpClientConfig.getFriendlyName(), e.getMessage()}, e); + + } + + } + + private void injectDefaultConnectionPoolIfRequired( + HttpClientBuilder builder, final LayeredConnectionSocketFactory sslConnectionFactory) { + if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, + true)) { + PoolingHttpClientConnectionManager pool; + + // set 
socketFactoryRegistry if SSLConnectionFactory is Set + if (sslConnectionFactory != null) { + final Registry socketFactoryRegistry = + RegistryBuilder.create() + .register("http", PlainConnectionSocketFactory.getSocketFactory()) + .register("https", sslConnectionFactory).build(); + log.trace("Inject SSLSocketFactory into pooled connection"); + pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry); + + } else { + pool = new PoolingHttpClientConnectionManager(); + + } + + pool.setDefaultMaxPerRoute(Integer.parseInt( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE))); + pool.setMaxTotal(Integer.parseInt( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL))); + + builder.setConnectionManager(pool); + log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), + pool.getDefaultMaxPerRoute()); + + } else if (sslConnectionFactory != null) { + log.trace("Inject SSLSocketFactory without connection pool"); + builder.setSSLSocketFactory(sslConnectionFactory); + + } + + } + + private RequestConfig buildDefaultRequestConfig() { + final RequestConfig requestConfig = + RequestConfig.custom() + .setConnectTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000) + .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000) + .setSocketTimeout(Integer.parseInt( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) + * 1000) + .build(); + return requestConfig; + + } + + private static 
RedirectStrategy buildRedirectStrategy(final boolean followRedirects) { + RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); + if (!followRedirects) { + redirectStrategy = new RedirectStrategy() { + + @Override + public boolean isRedirected(final HttpRequest request, final HttpResponse response, + final HttpContext context) throws ProtocolException { + return false; + } + + @Override + public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response, + final HttpContext context) throws ProtocolException { + return null; + } + }; + } + return redirectStrategy; + + } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java new file mode 100644 index 00000000..2d514912 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java 
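Review bot: `injectBasicAuthenticationIfRequired` writes the configured password into the log (`log.trace("Injecting basic authentication with username: {} and password: {}", ...)`), and `HttpUtils.buildSslContextWithSslClientAuthentication` in the next hunk does the same with the key password; trace output routinely ends up in shared log files, so log only the identifier: `log.trace("Injecting basic authentication with username: {}", httpClientConfig.getUsername());`. The credentials are registered with `AuthScope.ANY_HOST`/`ANY_PORT`/`ANY_REALM`, so the client will offer them to any server that challenges it, including a redirect target when redirects are followed; if `HttpClientConfiguration` can carry the intended host, narrow the scope to it, otherwise state this behaviour in the configuration's Javadoc. `getHttpClient(HttpClientConfiguration)` caches a mutable `HttpClientBuilder` in a plain `HashMap` and calls `setRedirectStrategy` on that shared instance on every call, so two callers using the same configuration with different `followRedirects` values can race on one builder; a `ConcurrentHashMap` with `computeIfAbsent` plus a per-call builder (or building the client once per distinct redirect setting) would remove the shared mutation. Note also that `isDisableTlsHostCertificateValidation()` is only consulted in the `ClientAuthMode.SSL` branch of `getSslContext`; the default branch uses `SSLContext.getDefault()` regardless, which is the safer outcome but should be documented so operators do not assume the flag applies to every mode.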
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between
+ * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.gv.egiz.eaaf.core.impl.http; + +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; +import javax.net.ssl.SSLContext; +import javax.servlet.http.HttpServletRequest; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.conn.ssl.TrustAllStrategy; +import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; +import org.apache.http.ssl.TrustStrategy; + +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class HttpUtils { + + private static final String ERROR_03 = "internal.httpclient.03"; + + /** + * Helper method to retrieve server URL including context path. + * + * @param request HttpServletRequest + * @return Server URL including context path (e.g. + * http://localhost:8443/moa-id-auth + */ + public static String getBaseUrl(final HttpServletRequest request) { + final StringBuffer buffer = new StringBuffer(getServerUrl(request)); + + // add context path if available + final String contextPath = request.getContextPath(); + if (!StringUtils.isEmpty(contextPath)) { + buffer.append(contextPath); + } + + return buffer.toString(); + } + + /** + * Helper method to retrieve server URL. + * + * @param request HttpServletRequest + * @return Server URL (e.g. 
http://localhost:8443) + */ + public static String getServerUrl(final HttpServletRequest request) { + final StringBuffer buffer = new StringBuffer(); + + // get protocol + final String protocol = request.getScheme(); + buffer.append(protocol).append("://"); + + // server name + buffer.append(request.getServerName()); + + // add port if necessary + final int port = request.getServerPort(); + if (protocol.equals("http") && port != 80 || protocol.equals("https") && port != 443) { + buffer.append(':'); + buffer.append(port); + } + + return buffer.toString(); + } + + /** + * Extract the IDP PublicURLPrefix from authrequest. + * + * @param req HttpServletRequest + * @return PublicURLPrefix which ends always without / + */ + public static String extractAuthUrlFromRequest(final HttpServletRequest req) { + String authUrl = req.getScheme() + "://" + req.getServerName(); + if (req.getScheme().equalsIgnoreCase("https") && req.getServerPort() != 443 + || req.getScheme().equalsIgnoreCase("http") && req.getServerPort() != 80) { + authUrl = authUrl.concat(":" + req.getServerPort()); + } + authUrl = authUrl.concat(req.getContextPath()); + return authUrl; + + } + + /** + * Extract the IDP requested URL from authrequest. + * + * @param req HttpServletRequest + * @return RequestURL which ends always without / + */ + public static String extractAuthServletPathFromRequest(final HttpServletRequest req) { + return extractAuthUrlFromRequest(req).concat(req.getServletPath()); + + } + + /** + * Add a http GET parameter to URL. + * + * @param url URL + * @param paramname Name of the parameter. + * @param paramvalue Value of the parameter. + * @return + */ + public static String addUrlParameter(final String url, final String paramname, + final String paramvalue) { + final String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) { + return url + "?" 
+ param; + } else { + return url + "&" + param; + } + } + + /** + * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client + * authentication. + * + * @param keyStore KeyStore with private keys that should be + * used + * @param keyAlias Alias of the key that should be used. If + * the alias is null, than the first key that + * is found will be selected. + * @param keyPasswordString Password of the Key in this keystore + * @param trustAllServerCertificates Deactivate SSL server-certificate + * validation + * @param friendlyName FriendlyName of the http client for logging + * purposes + * @return {@link SSLContext} with X509 client authentication + * @throws EaafConfigurationException In case of a configuration error + * @throws EaafFactoryException In case of a {@link SSLContext} + * initialization error + */ + public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final KeyStore keyStore, + @Nullable String keyAlias, @Nullable String keyPasswordString, + boolean trustAllServerCertificates, @Nonnull String friendlyName) + throws EaafConfigurationException, EaafFactoryException { + try { + log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); + final char[] keyPassword = keyPasswordString == null ? 
StringUtils.EMPTY.toCharArray() + : keyPasswordString.toCharArray(); + + SSLContextBuilder sslContextBuilder = SSLContexts.custom(); + if (StringUtils.isNotEmpty(keyAlias)) { + sslContextBuilder = sslContextBuilder + .loadKeyMaterial(keyStore, keyPassword, new EaafSslKeySelectionStrategy(keyAlias)); + + } else { + sslContextBuilder = sslContextBuilder + .loadKeyMaterial(keyStore, keyPassword); + + } + + if (trustAllServerCertificates) { + log.warn("Http-client:{} trusts ALL TLS server-certificates!"); + final TrustStrategy trustStrategy = new TrustAllStrategy(); + sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy); + + } + + return sslContextBuilder.build(); + + } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException + | KeyStoreException e) { + throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e); + + } + } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java new file mode 100644 index 00000000..7ec58d46 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java 
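Review bot: The warning in `buildSslContextWithSslClientAuthentication` that a client trusts all TLS server certificates has a `{}` placeholder but no argument, so the client name never reaches the log: `log.warn("Http-client:{} trusts ALL TLS server-certificates!", friendlyName);`. That message is the only operational trace that server-certificate validation was switched off for a client, so it needs to say which one. `addUrlParameter` appends `paramname` and `paramvalue` to the URL verbatim; unless every caller pre-encodes, a value containing `&`, `#` or `=` alters the query structure, so either encode with `java.net.URLEncoder` or state in the Javadoc that both arguments must already be URL-encoded — its `@return` tag is empty as well. `getServerUrl`, `extractAuthUrlFromRequest` and `extractAuthServletPathFromRequest` build absolute URLs from `request.getServerName()`/`getServerPort()`, which are derived from the incoming `Host` header unless the container overrides them; a comment noting that callers who use these values as redirect targets or issuer identifiers should prefer a configured public URL would help maintainers.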
@@ -0,0 +1,43 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+import org.apache.http.impl.client.CloseableHttpClient;
+
+public interface IHttpClientFactory {
+
+ /**
+ * Return an instance of a Apache HTTP client that uses
+ * default configuration properties from {@link IHttpClientFactory} implementation
+ * and follows http redirects automatically.
+ *
+ * @return http client
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient();
+
+ /**
+ * Return an instance of a Apache HTTP client that uses
+ * default configuration properties from {@link IHttpClientFactory} implementation.
+ *
+ * @param followRedirects if false, the client does not flow 30x
+ * http redirects
+ * @return http client
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient(boolean followRedirects);
+
+ /**
+ * Return an instance of a Apache HTTP client based in {@link HttpClientConfiguration}.
+ *
+ * @param config Configuration object for this http client
+ * @return http client
+ * @throws EaafException In case of a http-client initialization problem
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config)
+ throws EaafException;
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
deleted file mode 100644
index e681e705..00000000
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ /dev/null
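Review bot: The Javadoc for `getHttpClient(boolean)` says the client "does not flow 30x http redirects"; it should read `@param followRedirects if false, the client does not follow 30x http redirects`. All three methods return a `CloseableHttpClient` but the interface does not say who owns it; a sentence stating whether the caller must close the returned client (the implementation in the earlier hunk appears to call `build()` on every invocation, so each call seems to hand out a fresh client) would prevent connection leaks. Minor wording: "a Apache" should be "an Apache" and "based in" should be "based on".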
@@ -1,370 +0,0 @@ -package at.gv.egiz.eaaf.core.impl.utils; - -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; - -import javax.annotation.PostConstruct; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; - -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; - -import org.apache.commons.lang3.StringUtils; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.ProtocolException; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.CredentialsProvider; -import org.apache.http.client.RedirectStrategy; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.config.Registry; -import org.apache.http.config.RegistryBuilder; -import org.apache.http.conn.socket.ConnectionSocketFactory; -import org.apache.http.conn.socket.LayeredConnectionSocketFactory; -import org.apache.http.conn.socket.PlainConnectionSocketFactory; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.impl.client.BasicCredentialsProvider; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.DefaultRedirectStrategy; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager; -import org.apache.http.protocol.HttpContext; -import org.apache.http.ssl.SSLContexts; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; - -import lombok.extern.slf4j.Slf4j; - -@Slf4j -public class HttpClientFactory implements IHttpClientFactory { - - @Autowired(required = true) - private IConfiguration basicConfig; - - @Autowired(required = true) - ResourceLoader resourceLoader; - - @Autowired private EaafKeyStoreFactory keyStoreFactory; - - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = - "client.http.connection.pool.use"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = - "client.http.connection.pool.maxtotal"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = - "client.http.connection.pool.maxperroute"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = - "client.http.connection.timeout.socket"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = - "client.http.connection.timeout.connection"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = - "client.http.connection.timeout.request"; - public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL = - "client.http.ssl.hostnameverifier.trustall"; - - public static final String PROP_CONFIG_CLIENT_MODE = "client.authmode"; - public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME = "client.auth.http.username"; - public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD = "client.auth.http.password"; - public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH = - "client.auth.ssl.keystore.path"; - public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD = - "client.auth.ssl.keystore.password"; - private static final String 
PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME = - "client.auth.ssl.keystore.name"; - public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE = - "client.auth.ssl.keystore.type"; - public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = - "client.auth.ssl.key.password"; - public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = "client.auth.ssl.key.alias"; - - // default configuration values - public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15"; - public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = "15"; - public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "30"; - public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500"; - public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100"; - - public enum ClientAuthMode { - NONE("none"), PASSWORD("password"), SSL("ssl"); - - private final String mode; - - ClientAuthMode(final String mode) { - this.mode = mode; - } - - /** - * Get the PVP mode. - * - * @return - */ - public String getMode() { - return this.mode; - } - - /** - * Get http-client authentication mode from String representation. 
- * - * @param s Config parameter - * @return - */ - public static ClientAuthMode fromString(final String s) { - try { - return ClientAuthMode.valueOf(s.toUpperCase()); - - } catch (IllegalArgumentException | NullPointerException e) { - return null; - } - } - - @Override - public String toString() { - return getMode(); - - } - - } - - private HttpClientBuilder httpClientBuilder = null; - - /* - * (non-Javadoc) - * - * @see at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory#getHttpClient() - */ - @Override - public CloseableHttpClient getHttpClient() { - return getHttpClient(true); - - } - - @Override - public CloseableHttpClient getHttpClient(final boolean followRedirects) { - RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); - if (!followRedirects) { - redirectStrategy = new RedirectStrategy() { - - @Override - public boolean isRedirected(final HttpRequest request, final HttpResponse response, - final HttpContext context) throws ProtocolException { - return false; - } - - @Override - public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response, - final HttpContext context) throws ProtocolException { - return null; - } - }; - } - - return httpClientBuilder.setRedirectStrategy(redirectStrategy).build(); - - } - - @PostConstruct - private void initalize() { - // initialize http client - log.trace("Initializing HTTP Client-builder ... 
"); - httpClientBuilder = HttpClients.custom(); - - // set default request configuration - final RequestConfig requestConfig = - RequestConfig.custom() - .setConnectTimeout( - Integer.parseInt(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000) - .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000) - .setSocketTimeout(Integer.parseInt( - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) - * 1000) - .build(); - httpClientBuilder.setDefaultRequestConfig(requestConfig); - - ClientAuthMode clientAuthMode = ClientAuthMode.fromString( - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, ClientAuthMode.NONE.getMode())); - if (clientAuthMode == null) { - log.warn("Can Not parse ClientAuthMode! 
Set mode to default value"); - clientAuthMode = ClientAuthMode.NONE; - - } - - // inject basic http authentication if required - log.info("Client authentication-mode is set to: {}", clientAuthMode); - injectBasicAuthenticationIfRequired(clientAuthMode); - - // inject authentication if required - final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(clientAuthMode); - - // set pool connection if required - injectConnectionPoolIfRequired(sslConnectionFactory); - - } - - private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) { - if (clientAuthMode.equals(ClientAuthMode.PASSWORD)) { - final CredentialsProvider provider = new BasicCredentialsProvider(); - - final String username = - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME); - final String password = - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD); - - if (StringUtils.isEmpty(username)) { - log.warn("Http basic authentication was activated but NOT username was set!"); - - } - - log.trace("Injecting basic authentication with username: {} and password: {}", username, - password); - final UsernamePasswordCredentials credentials = - new UsernamePasswordCredentials(username, password); - provider.setCredentials(AuthScope.ANY, credentials); - httpClientBuilder.setDefaultCredentialsProvider(provider); - log.info("Basic http authentication was injected with username: {}", username); - - } else { - log.trace("Injection of Http Basic authentication was skipped"); - - } - - } - - private SSLContext buildSslContextWithSslClientAuthentication() - throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, - KeyStoreException, EaafConfigurationException { - log.trace("Injecting SSL client-authentication into http client ... 
"); - final KeyStore keystore = getSslAuthKeyStore(); - final String keyPasswordString = - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD); - log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); - final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() - : keyPasswordString.toCharArray(); - return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build(); - - } - - private KeyStore getSslAuthKeyStore() throws EaafConfigurationException { - final String keyStoreType = basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()); - final String localKeyStorePath = basicConfig - .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY); - final String keyStorePassword = basicConfig - .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY); - final String keyStoreName = basicConfig - .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY); - - try { - final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setKeyStoreType(keyStoreType); - keyStoreConfig.setFriendlyName("HttpClient Keystore"); - keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath); - keyStoreConfig.setSoftKeyStorePassword(keyStorePassword); - keyStoreConfig.setKeyStoreName(keyStoreName); - - log.debug("Open keyStore with type: {}", keyStoreType); - final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig).getFirst(); - - return keyStore; - - } catch (final EaafException e) { - log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e); - throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem", - new Object[] { localKeyStorePath }, e); - - } - - } - - private LayeredConnectionSocketFactory getSslContext(final ClientAuthMode clientAuthMode) { - SSLContext 
sslContext = null; - try { - if (clientAuthMode.equals(ClientAuthMode.SSL)) { - sslContext = buildSslContextWithSslClientAuthentication(); - - } else { - log.trace("Initializing default SSL Context ... "); - sslContext = SSLContext.getDefault(); - - } - - // set hostname verifier - HostnameVerifier hostnameVerifier = null; - if (basicConfig.getBasicConfigurationBoolean( - PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)) { - hostnameVerifier = new NoopHostnameVerifier(); - log.warn("HTTP client-builder deactivates SSL Host-name verification!"); - - } - - final LayeredConnectionSocketFactory sslSocketFactory = - new SSLConnectionSocketFactory(sslContext, hostnameVerifier); - - return sslSocketFactory; - - } catch (final NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException - | KeyStoreException | EaafConfigurationException e) { - log.warn("HTTP client-builder can NOT initialze SSL-Context", e); - - } - - log.info("HTTP client-builder successfuly initialized"); - return null; - - } - - private void injectConnectionPoolIfRequired( - final LayeredConnectionSocketFactory sslConnectionFactory) { - if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, - true)) { - PoolingHttpClientConnectionManager pool; - - // set socketFactoryRegistry if SSLConnectionFactory is Set - if (sslConnectionFactory != null) { - final Registry socketFactoryRegistry = - RegistryBuilder.create() - .register("http", PlainConnectionSocketFactory.getSocketFactory()) - .register("https", sslConnectionFactory).build(); - log.trace("Inject SSLSocketFactory into pooled connection"); - pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry); - - } else { - pool = new PoolingHttpClientConnectionManager(); - - } - - pool.setDefaultMaxPerRoute(Integer.parseInt( - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE))); - 
pool.setMaxTotal(Integer.parseInt( - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL))); - - httpClientBuilder.setConnectionManager(pool); - log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), - pool.getDefaultMaxPerRoute()); - - } else if (sslConnectionFactory != null) { - log.trace("Inject SSLSocketFactory without connection pool"); - httpClientBuilder.setSSLSocketFactory(sslConnectionFactory); - - } - - } - -} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java deleted file mode 100644 index 66356ba0..00000000 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java +++ /dev/null 
@@ -1,118 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between - * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European - * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in - * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software distributed under the Licence - * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the Licence for the specific language governing permissions and limitations under - * the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text file for details on the - * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative - * works that you distribute must include a readable copy of the "NOTICE" text file. -*/ - -package at.gv.egiz.eaaf.core.impl.utils; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.commons.lang3.StringUtils; - -public class HttpUtils { - - /** - * Helper method to retrieve server URL including context path. - * - * @param request HttpServletRequest - * @return Server URL including context path (e.g. - * http://localhost:8443/moa-id-auth - */ - public static String getBaseUrl(final HttpServletRequest request) { - final StringBuffer buffer = new StringBuffer(getServerUrl(request)); - - // add context path if available - final String contextPath = request.getContextPath(); - if (!StringUtils.isEmpty(contextPath)) { - buffer.append(contextPath); - } - - return buffer.toString(); - } - - /** - * Helper method to retrieve server URL. - * - * @param request HttpServletRequest - * @return Server URL (e.g. 
http://localhost:8443) - */ - public static String getServerUrl(final HttpServletRequest request) { - final StringBuffer buffer = new StringBuffer(); - - // get protocol - final String protocol = request.getScheme(); - buffer.append(protocol).append("://"); - - // server name - buffer.append(request.getServerName()); - - // add port if necessary - final int port = request.getServerPort(); - if (protocol.equals("http") && port != 80 || protocol.equals("https") && port != 443) { - buffer.append(':'); - buffer.append(port); - } - - return buffer.toString(); - } - - /** - * Extract the IDP PublicURLPrefix from authrequest. - * - * @param req HttpServletRequest - * @return PublicURLPrefix which ends always without / - */ - public static String extractAuthUrlFromRequest(final HttpServletRequest req) { - String authUrl = req.getScheme() + "://" + req.getServerName(); - if (req.getScheme().equalsIgnoreCase("https") && req.getServerPort() != 443 - || req.getScheme().equalsIgnoreCase("http") && req.getServerPort() != 80) { - authUrl = authUrl.concat(":" + req.getServerPort()); - } - authUrl = authUrl.concat(req.getContextPath()); - return authUrl; - - } - - /** - * Extract the IDP requested URL from authrequest. - * - * @param req HttpServletRequest - * @return RequestURL which ends always without / - */ - public static String extractAuthServletPathFromRequest(final HttpServletRequest req) { - return extractAuthUrlFromRequest(req).concat(req.getServletPath()); - - } - - /** - * Add a http GET parameter to URL. - * - * @param url URL - * @param paramname Name of the parameter. - * @param paramvalue Value of the parameter. - * @return - */ - public static String addUrlParameter(final String url, final String paramname, - final String paramvalue) { - final String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) { - return url + "?" + param; - } else { - return url + "&" + param; - } - } - -} 
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java deleted file mode 100644 index f922e1ac..00000000 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.gv.egiz.eaaf.core.impl.utils; - -import org.apache.http.impl.client.CloseableHttpClient; - -public interface IHttpClientFactory { - - /** - * Return an instance of a Apache HTTP client that follows http redirects - * automatically. - * - * @return - */ - CloseableHttpClient getHttpClient(); - - /** - * Return an instance of a Apache HTTP client. - * - * @param followRedirects if false, the client does not flow 30x - * http redirects - * @return - */ - CloseableHttpClient getHttpClient(boolean followRedirects); - -} diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties index f531e02d..b20c5f63 100644 --- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties @@ -12,4 +12,7 @@ internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1} internal.keystore.08=Can not access Key: {1} in KeyStore: {0} internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2} - +internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set +internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set +internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set +internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1} \ No newline at end of file 
diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml index ab631e34..aa5a50de 100644 --- a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml +++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml @@ -11,8 +11,8 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" > - + class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" /> + diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java new file mode 100644 index 00000000..b2f0f80e --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java 
@@ -0,0 +1,328 @@ +package at.gv.egiz.eaaf.core.test.http; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.InetAddress; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Provider; +import java.security.cert.X509Certificate; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.impl.client.CloseableHttpClient; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; +import okhttp3.mockwebserver.RecordedRequest; +import okhttp3.tls.HandshakeCertificates; +import okhttp3.tls.HeldCertificate; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +public class HttpClientFactoryTest { + + @Autowired private EaafKeyStoreFactory keyStoreFactory; + @Autowired private IHttpClientFactory httpClientFactory; + + private MockWebServer mockWebServer = null; + private HttpUrl mockServerUrl; + + /** + * JUnit test set-up. + * + */ + @Before + public void setup() { + + } + + /** + * jUnit test shutdown. 
+ * + * @throws IOException In case of an mockWebServer error + */ + @After + public void shutdown() throws IOException { + if (mockWebServer != null) { + mockWebServer.shutdown(); + mockWebServer = null; + + } + + } + + @Test + public void getDefaultClient() { + final CloseableHttpClient client = httpClientFactory.getHttpClient(); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getDefaultClientNoRedirect() { + final CloseableHttpClient client = httpClientFactory.getHttpClient(false); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getCustomClientsDefault() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + Assert.assertFalse("Wrong default config - Hostnamevalidation", + config.isDisableHostnameValidation()); + Assert.assertFalse("Wrong default config - TLS Server-certs", + config.isDisableTlsHostCertificateValidation()); + + final CloseableHttpClient client1 = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("first http client", client1); + + final CloseableHttpClient client2 = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("second http client", client2); + + } + + @Test + public void getCustomClientUnknownAuthMethod() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode(RandomStringUtils.randomAlphabetic(5)); + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, IOException, InterruptedException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("password"); + config.setUsername("jUnit"); + config.setPassword("password"); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + 
Assert.assertNotNull("httpClient", client); + + //setup test webserver that requestes http Basic authentication + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setResponseCode(HttpURLConnection.HTTP_UNAUTHORIZED) + .addHeader("www-authenticate: Basic realm=\"protected area\"") + .setBody("Please authenticate.")); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + + //request webservice + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + //check request contains basic authentication after authentication was requested + final RecordedRequest httpReq1 = mockWebServer.takeRequest(); + final RecordedRequest httpReq2 = mockWebServer.takeRequest(); + Assert.assertNull("wrong BasicAuthHeader", httpReq1.getHeader("Authorization")); + Assert.assertNotNull("missing BasicAuthHeader", httpReq2.getHeader("Authorization")); + + } + + @Test + public void getCustomClientBasicAuthNoUsername(){ + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("password"); + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.00", e.getErrorId()); + + } + } + + @Test + public void getCustomClientBasicAuthNoPassword() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("password"); + config.setUsername(RandomStringUtils.randomAlphabetic(5)); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void 
getCustomClientX509AuthNoKeyStoreConfig(){ + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.01", e.getErrorId()); + + } + } + + @Test + public void getCustomClientX509AuthNoKeyPassword() throws EaafException{ + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.02", e.getErrorId()); + + } + } + + @Test + public void getCustomClientX509Auth() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword("password"); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getCustomClientX509AuthWithAlias() throws EaafException, ClientProtocolException, + IOException, KeyStoreException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword("password"); + config.setSslKeyAlias("sig"); + config.setDisableTlsHostCertificateValidation(true); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL 
client authentication + final Pair sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig()); + final String localhost = InetAddress.getByName("localhost").getCanonicalHostName(); + final HeldCertificate localhostCertificate = new HeldCertificate.Builder() + .addSubjectAlternativeName(localhost) + .build(); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate( + (X509Certificate) sslClientKeyStore.getFirst().getCertificate(config.getSslKeyAlias())) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + + @Test + public void getCustomClientX509AuthWrongKeyPassword() throws EaafException{ + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword(RandomStringUtils.randomAlphanumeric(5)); + config.setSslKeyAlias("sig"); + + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong key password not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.03", e.getErrorId()); + + } + } + + @Test + public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, ClientProtocolException, IOException { + final HttpClientConfiguration config = new 
HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword("password"); + config.setSslKeyAlias(RandomStringUtils.randomAlphabetic(5)); + config.setDisableHostnameValidation(true); + config.setFollowHttpRedirects(false); + config.setDisableTlsHostCertificateValidation(true); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig()); + final String localhost = InetAddress.getByName("localhost").getCanonicalHostName(); + final HeldCertificate localhostCertificate = new HeldCertificate.Builder() + .addSubjectAlternativeName(localhost) + .build(); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate( + (X509Certificate) sslClientKeyStore.getFirst().getCertificate("meta")) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } +} 
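Review bot: The only coverage of the secure defaults is `getCustomClientsDefault` asserting that `isDisableHostnameValidation()` and `isDisableTlsHostCertificateValidation()` are false; both HTTPS round-trips (`getCustomClientX509AuthWithAlias`, `getCustomClientX509AuthWithWrongAlias`) call `setDisableTlsHostCertificateValidation(true)`, so no test shows that a default-configured client actually rejects an untrusted server certificate. A negative test against the self-signed `HeldCertificate` mock server with no trust override, expecting `client.execute` to fail with an `SSLHandshakeException` (needs `import javax.net.ssl.SSLHandshakeException;`), would pin that behaviour and catch a regression in the factory's trust handling. The round-trip tests also never close the `CloseableHttpClient`/`CloseableHttpResponse`; try-with-resources around `client.execute(...)` avoids leaving connections open while `mockWebServer.shutdown()` runs. `takeRequest()` in `getCustomClientBasicAuth` blocks indefinitely if a request never arrives; `takeRequest(5, TimeUnit.SECONDS)` fails fast instead.
```java
  @Test
  public void getCustomClientDefaultRejectsUntrustedServerCert() throws Exception {
    final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
    final CloseableHttpClient client = httpClientFactory.getHttpClient(config);

    // self-signed server certificate that is NOT trusted by the default client
    final String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
    final HeldCertificate localhostCertificate = new HeldCertificate.Builder()
        .addSubjectAlternativeName(localhost)
        .build();
    final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
        .heldCertificate(localhostCertificate)
        .build();
    mockWebServer = new MockWebServer();
    mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
    mockWebServer.enqueue(new MockResponse().setResponseCode(200));
    mockServerUrl = mockWebServer.url("/sp/junit");

    try (CloseableHttpResponse resp = client.execute(new HttpGet(mockServerUrl.url().toString()))) {
      Assert.fail("Untrusted server certificate was accepted, status: "
          + resp.getStatusLine().getStatusCode());

    } catch (final SSLHandshakeException e) {
      // expected: the default configuration validates the TLS server certificate

    }
  }
```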
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index d1887d5c..1d97b167 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java @@ -28,8 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java index 147199a5..ee601c73 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java 
@@ -11,10 +11,10 @@ import javax.xml.parsers.ParserConfigurationException; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java index 37e4acd1..cbeca4c3 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java @@ -6,8 +6,8 @@ import java.net.URLDecoder; import javax.xml.parsers.ParserConfigurationException; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java index 64ebe00c..3673859a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java @@ -6,7 +6,7 @@ import java.util.ArrayList; import java.util.List; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java index 6abe52dc..27c42c57 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java 
@@ -5,8 +5,8 @@ import java.io.UnsupportedEncodingException; import java.util.Arrays; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java index accdd8b0..da417ec7 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java @@ -10,7 +10,7 @@ import java.util.List; import javax.xml.transform.TransformerException; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml index 99552053..fa7b4eae 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml 
@@ -20,7 +20,7 @@ class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" /> + class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" /> diff --git a/pom.xml b/pom.xml index 0ce897ec..773e0937 100644 --- a/pom.xml +++ b/pom.xml @@ -78,7 +78,7 @@ 2.22.1 4.12 - 4.0.0 + 4.4.1 1.18.10 @@ -483,6 +483,12 @@ ${com.squareup.okhttp3.version} test + + com.squareup.okhttp3 + okhttp-tls + ${com.squareup.okhttp3.version} + test + at.gv.egiz.eaaf eaaf_core_utils -- cgit v1.2.3 From 5742681b60c6f99efa0040c42e514005596ffb34 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Mar 2020 15:59:15 +0100 Subject: inject authType parameter in VDA request to select a specific authentication method --- .../tasks/AbstractCreateQualEidRequestTask.java | 30 +++++++++++++++ .../modules/auth/sl20/utils/SL20Constants.java | 45 ++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 1d97b167..6a5e1ef0 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java @@ -1,5 +1,6 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks; +import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.util.ArrayList; import java.util.List; 
@@ -39,6 +40,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; @@ -95,6 +97,15 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl final List parameters = new ArrayList<>(); parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes("UTF-8")))); + + //set specific authentication method if it was selection by process step before + VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext); + if (authMethod != null) { + log.debug("Request VDA with authType: {}", authMethod); + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM, + authMethod.getAuthMethod())); + } + httpReq.setEntity(new UrlEncodedFormEntity(parameters)); // build http GET request @@ -190,6 +201,13 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl } + /** + * Get ExecutionContext parameter-key for VDA AuthMethod information. + * + * @return Key to get AuthMethod from {@link ExecutionContext} + */ + protected abstract String getAuthMethodContextParamKey(); + /** * Create a implementation specific qualified eID SL2.0 command * 
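Review bot: `authtype` is added as a plain form parameter next to the signed `slcommand`, so it is not covered by the signature produced by `buildSignedQualifiedEidCommand()`; if the VDA treats it as a binding restriction on the permitted authentication method rather than a pre-selection hint, this is worth confirming against the SL2.0 binding specification (it may well be intended as a hint only). Stylistically the new local should be `final VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext);` to match the `final` locals used throughout this method, and the comment reads better as `// request a specific authentication method if one was selected by a previous process step`. The enclosing method starts and ends outside the hunk.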
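Review bot: The Javadoc on `getAuthMethodContextParamKey()` says what the key is for but not what implementors must store under it; the consumer only accepts a `String` value (anything else is ignored) and parses it with `VdaAuthMethod.fromString`, which maps unknown values to `ANY`. Adding `The value stored under this key must be a {@link String} accepted by {@link VdaAuthMethod#fromString(String)}; values of any other type are ignored and no authtype is requested.` to the Javadoc saves implementors from discovering that contract by debugging.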
@@ -201,6 +219,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl */ protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception; + + private VdaAuthMethod getVdaAuthMethodFromContext(ExecutionContext executionContext) { + Serializable authMethodRaw = executionContext.get(getAuthMethodContextParamKey()); + if (authMethodRaw instanceof String) { + log.trace("Find authMethod parameter: {} on context", authMethodRaw); + return VdaAuthMethod.fromString((String) authMethodRaw); + + } + + return null; + } + private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) { // load SP specific config for development and testing purposes diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 01316b9b..ec5dbf2e 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -4,6 +4,8 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; +import javax.annotation.Nonnull; + import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers; 
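Review bot: `getVdaAuthMethodFromContext` cannot tell an unrecognised context value apart from an explicit "any", because `VdaAuthMethod.fromString` (added to SL20Constants in this commit) maps every unknown string to `ANY` instead of returning null; the caller's `if (authMethod != null)` guard therefore never suppresses the parameter for a stale or mistyped value, and the VDA is asked for `authtype=any`. If the process step's selection is meant to restrict the authentication method rather than merely hint it, silently widening to "any" is the wrong failure mode; at minimum surface it, e.g. `log.warn("Unknown authMethod '{}' on context, falling back to {}", authMethodRaw, result);` before returning. Consider also letting this method return null for unknown values so the existing guard does what it looks like it does. The trace message would read better as `"Found authMethod parameter: {} on context"`.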
@@ -11,10 +13,53 @@ import org.jose4j.jws.AlgorithmIdentifiers; public class SL20Constants { public static final int CURRENT_SL20_VERSION = 10; + // http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; + public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; + public enum VdaAuthMethod { + ANY("any"), MOBILEPHONE("handy"), CARD("card"); + + private final String authMethod; + + VdaAuthMethod(final String method) { + this.authMethod = method; + } + + /** + * Get VDA AuthMethod. + * + * @return + */ + public String getAuthMethod() { + return this.authMethod; + } + + /** + * Get VDA authmethod from String representation. + * + * @param s authMethod parameter + * @return AuthMethod, or VdaAuthMethod.ANY if the parameter is unknown + */ + public static VdaAuthMethod fromString(@Nonnull final String s) { + try { + return VdaAuthMethod.valueOf(s.toUpperCase()); + + } catch (IllegalArgumentException | NullPointerException e) { + return VdaAuthMethod.ANY; + + } + } + + @Override + public String toString() { + return getAuthMethod(); + + } + } + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; -- cgit v1.2.3 From efa9cafcc8cab417efcc8a0a610e82e7578d64fc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Mar 2020 16:07:10 +0100 Subject: codestyle problem --- .../main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 1 + 1 file changed, 1 insertion(+) diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index ec5dbf2e..5c3fa705 100644 
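Review bot: `fromString` does not accept the enum's own wire values: `valueOf(s.toUpperCase())` only matches constant names (`MOBILEPHONE`), so `fromString("handy")`, i.e. `fromString(VdaAuthMethod.MOBILEPHONE.toString())`, throws internally and is silently turned into `ANY`; the round-trip through `toString()` is broken for every constant whose value differs from its name. Matching against both the constant name and `authMethod` with `equalsIgnoreCase` fixes that and is locale-independent, whereas `toUpperCase()` without `Locale.ROOT` depends on the JVM default locale; `equalsIgnoreCase(null)` is simply false, so the `NullPointerException` catch (contradictory next to a `@Nonnull` parameter anyway) becomes unnecessary. The Javadoc of `getAuthMethod()` has an empty `@return` tag; `@return the value sent to the VDA as the authtype parameter` would do.

```java
public static VdaAuthMethod fromString(@Nonnull final String s) {
  for (final VdaAuthMethod method : values()) {
    // accept both the constant name ("MOBILEPHONE") and the wire value ("handy"), locale-independently
    if (method.name().equalsIgnoreCase(s) || method.authMethod.equalsIgnoreCase(s)) {
      return method;
    }
  }
  return VdaAuthMethod.ANY;
}
```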
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -19,6 +19,7 @@ public class SL20Constants { public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; + public enum VdaAuthMethod { ANY("any"), MOBILEPHONE("handy"), CARD("card"); -- cgit v1.2.3 From b3157cfd92685303de5aa05f05a66ec933d21266 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Mar 2020 17:30:45 +0100 Subject: add 'smartphone' as parameter for authType on VDA side --- .../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 5c3fa705..bfc393db 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -21,7 +21,7 @@ public class SL20Constants { public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; public enum VdaAuthMethod { - ANY("any"), MOBILEPHONE("handy"), CARD("card"); + ANY("any"), MOBILEPHONE("handy"), CARD("card"), SMARTPHONE("smartphone"); private final String authMethod; -- cgit v1.2.3 From a46333372c7f7b74831a19c04c93c7b6815b8f84 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 20 Mar 2020 13:50:34 +0100 Subject: add some more test cases for process-engine evaluator --- .../impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java index 26e2e17b..7559fe85 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java @@ -69,6 +69,10 @@ public class SpringExpressionEvaluatorTest { assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)")); assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42")); assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10")); + + assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue")); + assertFalse(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue")); + assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue")); } } -- cgit v1.2.3 From 895066c1aa921204346225551525006b6d34b7c6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 20 Mar 2020 13:51:29 +0100 Subject: switch to HSM-Facade 0.4-Snapshot and fix possible race-condition between jUnit tests --- .../pvp2/test/AbstractSamlVerificationEngine.java | 54 +++++++++++++--------- .../pvp2/test/SamlVerificationEngineTest.java | 36 ++++++++------- .../SamlVerificationEngineWithHsmFacadeTest.java | 10 ++-- .../pvp2/test/metadata/MetadataBuilderTest.java | 20 ++++---- pom.xml | 2 +- 5 files changed, 71 insertions(+), 51 deletions(-) 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java index d5186857..e593c1d4 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java 
@@ -3,28 +3,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.util.ArrayList; import java.util.List; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; - +import org.apache.xml.security.algorithms.JCEMapper; import org.joda.time.DateTime; +import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; 
@@ -47,6 +28,26 @@ import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.Assert; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; 
@@ -72,6 +73,17 @@ public abstract class AbstractSamlVerificationEngine {
 EaafOpenSaml3xInitializer.eaafInitialize();
 }
+
+ /**
+ * Reset OpenSAML3.x JCEMapper to default.
+ *
+ */
+ @AfterClass
+ public static void classCloser() {
+ JCEMapper.setProviderId(null);
+
+ }
+
 protected abstract String getMetadataJunitJKeystore();
 protected abstract String getMetadataClassPathEntityPath();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
index 64bfb8f6..57c4b93a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
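Review bot: `classCloser` resets process-global state (`JCEMapper.setProviderId(null)`) only after the whole class has finished, so two test classes executing concurrently in one JVM (surefire `parallel=classes`, if ever enabled) still race on the provider id; a per-class reset only helps when classes run sequentially, which is worth stating in the commit message since the stated goal is to fix a race. The Javadoc should say where the non-default provider id comes from, e.g. `Reset the JCEMapper provider id that the HSM-facade credential provider installs, so later test classes fall back to the default JCE provider` — I infer the source from the `JCEMapper` import in `AbstractCredentialProvider` later in this page, confirm. Doing the same reset in the existing `@BeforeClass` initialiser would make this class immune to leakage from earlier classes regardless of their cleanup.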
@@ -1,22 +1,5 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; - import org.joda.time.DateTime; import org.junit.Test; import org.junit.runner.RunWith; 
@@ -30,12 +13,30 @@ import org.opensaml.saml.saml2.core.Response; import org.opensaml.saml.saml2.core.StatusCode; import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Assert; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) 
@@ -43,6 +44,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine { @Autowired diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java index 5b06a73f..926f25b2 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java 
@@ -1,20 +1,24 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; - import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.xmlsec.signature.support.SignatureConstants; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; + +//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_3.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine { @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java index 0f8817a0..8657bc60 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java 
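Review bot: The commented-out `//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")` is dead code left in the test; either delete it or add a comment explaining why the test is now meant to run in every environment. If this class needs a reachable HSM facade (the class name and `config_3.props` suggest so, but the properties are not visible here), running it unconditionally turns an unavailable facade into a build failure for everyone, which is presumably what the profile guard prevented. Prefer re-enabling the guard or using JUnit's `Assume` so the test is skipped rather than failed when no facade is configured.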
@@ -14,15 +14,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactoryConfigurationError; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.BeforeClass; 
@@ -46,10 +37,20 @@ import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.SignatureValidator; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -61,6 +62,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class MetadataBuilderTest { @Autowired private PvpMetadataBuilder metadataBuilder; diff --git a/pom.xml b/pom.xml index 773e0937..c63b31c0 100644 --- a/pom.xml +++ b/pom.xml @@ -43,7 +43,7 @@ 2.13_moa 2.13_moa - 0.3.0 + 0.4.0-SNAPSHOT 1.25.0 -- cgit v1.2.3 From f3792e2ffbfbf0dea3d2ede7b311acdefc1c19fd Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Fri, 20 Mar 2020 13:51:57 +0100 Subject: add JOSE header into JWS verificationresult DAO
---
.../modules/auth/sl20/data/VerificationResult.java | 10 +++++- .../modules/auth/sl20/utils/JsonSecurityUtils.java | 37 ++++++++++++---------- 2 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
index bb0c41d7..0f88e251 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
@@ -9,6 +9,7 @@ public class VerificationResult {
 private Boolean validSigned = null;
 private List certs = null;
+ private JsonNode header = null;
 private JsonNode payload = null;
 public VerificationResult(final JsonNode payload) {
@@ -19,11 +20,14 @@ public class VerificationResult {
 /**
 * JWS signature verification-result container.
 *
+ * @param joseHeader JWS header
 * @param payload JWS payload
 * @param certs JWS signercertificate
 * @param wasValidSigned true if signature was valid
 */
- public VerificationResult(final JsonNode payload, final List certs, final boolean wasValidSigned) {
+ public VerificationResult(final JsonNode joseHeader, final JsonNode payload,
+ final List certs, final boolean wasValidSigned) {
+ this.header = joseHeader;
 this.payload = payload;
 this.certs = certs;
 this.validSigned = wasValidSigned;
@@ -42,4 +46,8 @@ public class VerificationResult {
 return payload;
 }
+ public JsonNode getJoseHeader() {
+ return header;
+
+ }
 }
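Review bot: `getJoseHeader()` can return null — the existing single-argument constructor `VerificationResult(final JsonNode payload)` never sets `header` — and nothing tells a caller that the header content is only trustworthy once the `validSigned` flag says the signature verified, since the header is whatever the sender put into the compact serialization. Add Javadoc such as `Returns the parsed JOSE (JWS protected) header, or null if this result was built without one; header claims such as x5c, kid or alg must not be relied on unless the signature was verified as valid`. Nothing visible reassigns `header`, `payload`, `certs` or `validSigned` after construction, so the fields could be `final` as befits a result DAO; confirm against the rest of the class.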
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index ccb650b3..43c44647 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -13,22 +13,6 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.X509Utils; -import at.gv.egiz.eaaf.modules.auth.sl20.Constants; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; - import org.apache.commons.lang3.StringUtils; import org.jose4j.jca.ProviderContext; import org.jose4j.jwa.AlgorithmConstraints; 
@@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils; import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import at.gv.egiz.eaaf.modules.auth.sl20.Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + @Service public class JsonSecurityUtils implements IJoseTools { private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class); @@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature()); + return new VerificationResult( + mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()), + mapper.getMapper().readTree(jws.getPayload()), + x5cCerts, jws.verifySignature()); } -- cgit v1.2.3 From 3d1bb1bba3dec96d742a6f3c1dc23fb3c607d292 Mon Sep 17 00:00:00 2001 
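Review bot: Because Java evaluates constructor arguments left to right, the new header parse and the payload parse both run before `jws.verifySignature()`, so a syntactically broken header in a tampered token surfaces as a Jackson parse error rather than as a signature failure. Verify first and parse afterwards — `final boolean validSigned = jws.verifySignature();` followed by the `new VerificationResult(...)` call with `validSigned` as the last argument — so the security-relevant outcome is the one the caller sees. As far as I recall, jose4j's `getPayload()` already verifies internally and throws on an invalid signature (`getUnverifiedPayload()` is the non-verifying variant), in which case the trailing `verifySignature()` is a second, redundant verification; confirm against the jose4j version in the pom. The enclosing method starts outside this hunk.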
From: Thomas Lenz Date: Fri, 20 Mar 2020 20:44:37 +0100 Subject: set Socket timeout in ConnectionPoolManager --- .../eaaf/core/impl/http/HttpClientFactory.java | 23 +++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java index b6e660da..58d7e7b2 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java @@ -10,13 +10,6 @@ import javax.annotation.PostConstruct; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; - import org.apache.commons.lang3.StringUtils; import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; @@ -29,6 +22,7 @@ import org.apache.http.client.config.RequestConfig; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.config.Registry; import org.apache.http.config.RegistryBuilder; +import org.apache.http.config.SocketConfig; import org.apache.http.conn.socket.ConnectionSocketFactory; import org.apache.http.conn.socket.LayeredConnectionSocketFactory; import org.apache.http.conn.socket.PlainConnectionSocketFactory; 
@@ -43,6 +37,12 @@ import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.protocol.HttpContext; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -296,7 +296,7 @@ public class HttpClientFactory implements IHttpClientFactory { pool = new PoolingHttpClientConnectionManager(); } - + pool.setDefaultMaxPerRoute(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE))); @@ -304,6 +304,11 @@ public class HttpClientFactory implements IHttpClientFactory { basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL))); + pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) + * 1000).build()); + builder.setConnectionManager(pool); log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), pool.getDefaultMaxPerRoute()); @@ -329,7 +334,7 @@ public class HttpClientFactory implements IHttpClientFactory { .setSocketTimeout(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) - * 1000) + * 1000) .build(); return requestConfig; -- cgit v1.2.3 From bb15852878205381898c0719d163756d6aa96e1c Mon Sep 17 00:00:00 2001 
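Review bot: In the new `setDefaultSocketConfig(...)` call the configured timeout is used without validation; in Apache HttpClient a `soTimeout` of 0 means wait forever and a negative value falls back to the system default, so a misconfigured or deliberately "disabled" value leaves every hung VDA connection parked indefinitely in the pool. The same value is now parsed in two places (here and in the `RequestConfig` builder in the last hunk), and `* 1000` on an unchecked int can overflow. Extract one validated helper and call it from both sites; the exception type should follow what the enclosing method declares, which is not visible in this hunk (the project's `EaafConfigurationException` is imported and may be the better fit).

```java
/**
 * Socket timeout from configuration, in milliseconds.
 * Rejects non-positive values: in HttpClient a soTimeout of 0 means "wait forever".
 */
private int getSocketTimeoutMillis() {
  final int seconds = Integer.parseInt(basicConfig.getBasicConfiguration(
      PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
      DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET));
  if (seconds <= 0) {
    throw new IllegalArgumentException(
        "Invalid value for " + PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET + ": " + seconds);
  }
  return Math.multiplyExact(seconds, 1000);
}

// … unchanged: pool maxPerRoute / maxTotal setup …
pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(getSocketTimeoutMillis()).build());
```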
From: Thomas Lenz Date: Fri, 20 Mar 2020 20:45:42 +0100 Subject: refactor SAML2 metadata signature-filter to use a TrustStore implementation to get trusted X509 certificates --- .../pvp2/api/utils/IPvp2CredentialProvider.java | 13 ++ .../impl/utils/AbstractCredentialProvider.java | 18 ++- .../SimpleMetadataSignatureVerificationFilter.java | 46 ++++-- .../pvp2/test/metadata/MetadataResolverTest.java | 155 +++++++++++---------- 4 files changed, 142 insertions(+), 90 deletions(-) diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java index a564efb2..acd565a1 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java @@ -1,11 +1,14 @@ package at.gv.egiz.eaaf.modules.pvp2.api.utils; +import java.security.KeyStore; +import java.security.Provider; import java.security.cert.X509Certificate; import java.util.List; import javax.annotation.Nonnull; import javax.annotation.Nullable; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; @@ -51,5 +54,15 @@ public interface IPvp2CredentialProvider { @Nonnull List getTrustedCertificates() throws CredentialsNotAvailableException; + + + /** + * Get the {@link KeyStore} that is used in this {@link IPvp2CredentialProvider}. + * + * @return KeyStore {@link Pair} of {@link KeyStore} and JCE {@link Provider} + * if a special provider is in use + */ + @Nonnull + Pair getKeyStore(); } \ No newline at end of file 
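Review bot: `getKeyStore()` is a new abstract method on a public interface, so every `IPvp2CredentialProvider` implementation outside this repository stops compiling; if that is intended, say so in the commit message, otherwise a `default` implementation is the compatible option. It also hands the complete `KeyStore`, including any private-key entries, to a consumer (the metadata signature filter in this commit) that only needs trusted certificates; a narrower `getTrustStore()`, or the existing `getTrustedCertificates()`, would keep signing-key material out of verification code. The Javadoc should state whether the `Provider` half of the `Pair` may be null (`if a special provider is in use` implies it can) and whether the method may be called before the provider's `@PostConstruct` initialisation has completed.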
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index 26a5c5f6..e17e625e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -32,6 +32,12 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; +import org.apache.xml.security.algorithms.JCEMapper; +import org.opensaml.security.credential.UsageType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -44,13 +50,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; - -import org.apache.commons.lang3.StringUtils; -import org.apache.xml.security.algorithms.JCEMapper; -import org.opensaml.security.credential.UsageType; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -256,6 +255,11 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi } + public Pair getKeyStore() { + return keyStore; + + } + @PostConstruct private void initialize() throws Exception { try { 
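Review bot: `getKeyStore()` implements the new interface method but carries neither `@Override` nor Javadoc, and it returns the `keyStore` field as is; if that field is first assigned in the `@PostConstruct` `initialize()` method shown right below (an inference from this hunk, confirm), a call before initialisation returns null despite the interface's `@Nonnull`. Add `@Override` and either `return Objects.requireNonNull(keyStore, "credential provider not initialised");` or a documented precondition.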
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java index ef09e5c4..5a97924f 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java @@ -23,15 +23,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException; - import org.opensaml.saml.common.SignableSAMLObject; import org.opensaml.saml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml.saml2.metadata.EntityDescriptor; 
@@ -40,13 +39,18 @@ import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.SignatureValidator; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException; import lombok.extern.slf4j.Slf4j; @Slf4j public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter { private final String metadataUrl; - private final List trustedCredential = new ArrayList<>(); + private final KeyStore trustedCredential; private static final String ERROR_07 = "internal.pvp.07"; private static final String ERROR_12 = "internal.pvp.12"; @@ -61,13 +65,13 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS * SAML2 metadata with {@link EntitiesDescriptor} are not supported. *
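Review bot: The field changed in the `@@ -40,13 +39,18 @@` hunk is now a `KeyStore`, but it keeps the name `trustedCredential`, which no longer describes what it holds and is easy to confuse with the `BasicX509Credential` values the verification loop iterates over. A name that says what it is keeps the two apart: `private final KeyStore trustStore;` here, with `this.trustStore = keyStore;` in the constructor and the single read in the new `getTrustedCertificates()` updated to match. The Javadoc on the constructor already calls it a "TrustStore", so the rename would also make code and documentation agree.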

* - * @param credentials Trust X509 certificates + * @param keyStore TrustStore that contains trusted X509 certificates * @param metadataUrl Metadata URL for logging purposes */ - public SimpleMetadataSignatureVerificationFilter(@Nonnull List credentials, + public SimpleMetadataSignatureVerificationFilter(@Nonnull KeyStore keyStore, @Nonnull String metadataUrl) { this.metadataUrl = metadataUrl; - this.trustedCredential.addAll(credentials); + this.trustedCredential = keyStore; } @@ -121,7 +125,7 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS // perform cryptographic signature verification boolean isTrusted = false; - for (final BasicX509Credential cred : trustedCredential) { + for (final BasicX509Credential cred : getTrustedCertificates()) { log.trace("Validating signature with credential: {} ... ", cred.getEntityCertificate().getSubjectDN()); try { @@ -140,7 +144,31 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS throw new SamlMetadataSignatureException(metadataUrl, ERROR_MSG_SIGNOTVALID); } + } + + private List getTrustedCertificates() throws EaafConfigurationException { + try { + final List certs = + EaafKeyStoreUtils.readCertsFromKeyStore(trustedCredential); + if (certs.isEmpty()) { + log.warn("No trusted metadata-signing certificates in configuration"); + throw new EaafConfigurationException("module.eidasauth.02", + new Object[] { "No trusted metadata-signing certificates" }); + + } + + final List result = new ArrayList<>(); + for (final X509Certificate cert : certs) { + result.add(new BasicX509Credential(cert)); + } + return result; + + } catch (final KeyStoreException e) { + throw new EaafConfigurationException("module.eidasauth.01", + new Object[] { "Trusted metadata-signing certificates", e.getMessage() }, e); + + } } } 
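Review bot: `getTrustedCertificates()` in the `@@ -140,7 +144,31 @@` hunk throws `EaafConfigurationException` with the codes `module.eidasauth.01` and `module.eidasauth.02`, which belong to another module's message namespace, while this class already defines its own `internal.pvp.*` constants (`ERROR_07`, `ERROR_12`); the codes look copied from the eIDAS module and will either miss the message lookup or produce eIDAS-worded errors for a PVP metadata trust problem. Replace them with codes from this module's bundle, e.g. `private static final String ERROR_NO_TRUST = "internal.pvp.<number from bundle>";` alongside the existing constants. The method is also called from the verification loop changed in the `@@ -121,7 +125,7 @@` hunk, so the keystore is re-read and the `BasicX509Credential` list rebuilt on every signature check; if the store does not change after construction, building the list once where the `@Nonnull KeyStore` is received avoids that, though whether it can change is not visible here. The contract of `EaafKeyStoreUtils.readCertsFromKeyStore` is not shown either, so I cannot tell whether certificates attached to private-key entries also become trust anchors; a one-line comment on that call stating which entry types count as trusted would make the trust boundary explicit. The enclosing verification method starts outside the hunk.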
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java index da417ec7..1cbc2f14 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java @@ -2,6 +2,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test.metadata; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; 
@@ -10,21 +13,6 @@ import java.util.List; import javax.xml.transform.TransformerException; -import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; 
@@ -68,6 +56,20 @@ import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.resolver.ResolverException; @@ -91,7 +93,8 @@ public class MetadataResolverTest { private PvpMetadataResolverFactory metadataResolverFactory; @Autowired private IHttpClientFactory httpClientFactory; - @Autowired private DummyCredentialProvider credentialProvider; + @Autowired + private DummyCredentialProvider credentialProvider; /** * JUnit class initializer. 
@@ -183,16 +186,15 @@ public class MetadataResolverTest { } @Test - public void noCredentials() { + public void noCredentials() throws KeyStoreException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List credentials = new ArrayList<>(); - + final KeyStore keystore = KeyStore.getInstance("JKS"); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -212,20 +214,21 @@ public class MetadataResolverTest { } @Test - public void wrongCredentials() throws CertificateException { + public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); - credentials.add(credential); + keystore.setCertificateEntry("1", credential.getEntityCertificate()); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); 
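Review bot: `noCredentials()` now passes `KeyStore.getInstance("JKS")` to the filter without calling `load`, so the filter receives an uninitialized store; JDK `KeyStore` methods throw `KeyStoreException` on an uninitialized store, which means this test most likely exercises the `KeyStoreException` branch of `getTrustedCertificates()` rather than the empty-truststore branch its name suggests. The other tests in this file initialize the store first; adding `keystore.load(null, "junit".toCharArray());` after the `getInstance` call would make the test cover the "no trusted certificates" path, and the uninitialized case can get its own test if that behaviour is intended. The assertions at the end of the method are outside the hunk, so which error code is expected is not visible. The truststore-building sequence introduced in `wrongCredentials()` in the `@@ -212,20 +214,21 @@` hunk is then repeated in the hunks at -246, -300, -347, -400 and -452; a private helper such as `buildTrustStore(String... certResources)` that assigns aliases from a counter would remove the duplication and keep the alias numbering consistent across tests.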
@@ -246,21 +249,22 @@ public class MetadataResolverTest { @Test public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException, - ResolverException { + ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -281,7 +285,8 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { mockWebServer.shutdown(); mockWebServer = new MockWebServer(); 
@@ -300,19 +305,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); 
@@ -332,7 +338,8 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), 
@@ -347,19 +354,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -370,8 +378,6 @@ public class MetadataResolverTest { mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); - - final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); 
@@ -385,11 +391,13 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), - MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml")); + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_valid_with_entityCategory_egov.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); metadata.setEntityID(RandomStringUtils.randomAlphabetic(10)); 
@@ -400,19 +408,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -423,8 +432,6 @@ public class MetadataResolverTest { mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); - - final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); 
@@ -438,7 +445,8 @@ public class MetadataResolverTest { @Test public void metadataExpired() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), 
@@ -452,24 +460,24 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new RequiredValidUntilFilter()); filterList.add(new PvpEntityCategoryFilter(false)); - final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); @@ -484,7 +492,6 @@ public class MetadataResolverTest { } - } @Test -- cgit v1.2.3 From b8117498ba6227248d9e10d960298530ff30bcf8 Mon Sep 17 00:00:00 2001 
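Review bot: In the `@@ -452,24 +460,24 @@` hunk of `metadataExpired()` the third certificate is stored under alias `"2"`, the same alias as the second `setCertificateEntry`, so `junit_metadata_sig_cert.crt` replaces `assertion_sig_cert.crt` and the truststore ends up with two entries instead of the three every other test in this file builds. The test probably still passes because `RequiredValidUntilFilter` or the `"1"` entry decides the outcome, but the setup no longer matches the sibling tests and would silently hide a regression in which certificate is trusted. Change the third call to `keystore.setCertificateEntry("3", fact.generateCertificate(`.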
From: Thomas Lenz Date: Tue, 24 Mar 2020 15:58:03 +0100 Subject: some small changes --- checks/egiz_checks.xml | 16 ++++++---------- .../idp/conf/AbstractSpringBootConfigurationImpl.java | 10 +++++----- eaaf_core_utils/pom.xml | 7 +++++++ 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/checks/egiz_checks.xml b/checks/egiz_checks.xml index 6a8e68ef..ad0be35e 100644 --- a/checks/egiz_checks.xml +++ b/checks/egiz_checks.xml @@ -1,13 +1,12 @@ - + @@ -20,9 +19,6 @@ Checkstyle configuration that checks the Google coding conventions from Google J - @@ -180,9 +176,7 @@ Checkstyle configuration that checks the Google coding conventions from Google J - - - + @@ -204,6 +198,8 @@ Checkstyle configuration that checks the Google coding conventions from Google J + + diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java index 5dcbcb7e..708ef399 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java @@ -28,10 +28,6 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; - import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -42,6 +38,10 @@ import org.springframework.core.env.EnumerablePropertySource; import org.springframework.core.env.Environment; import org.springframework.core.env.PropertySource; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + public abstract class AbstractSpringBootConfigurationImpl implements IConfigurationWithSP { private static final Logger log = LoggerFactory.getLogger(AbstractSpringBootConfigurationImpl.class); @@ -114,7 +114,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR))); } catch (IllegalStateException | URISyntaxException e) { - log.warn("ConfigRootDirectory is NOT set"); + log.warn("ConfigRootDirectory is NOT set", e); return null; } diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index 681152f7..7cf6a266 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -79,6 +79,13 @@ joda-time joda-time
+ + + + org.springframework + spring-webmvc + provided + javax.servlet javax.servlet-api -- cgit v1.2.3 From 1044640c80e6586192e14635ae5a65d2f6524dc8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 24 Mar 2020 19:51:58 +0100 Subject: fix dependency problems with different Java Spring versions --- eaaf_core/pom.xml | 1 + eaaf_modules/eaaf_module_auth_sl20/pom.xml | 6 +++++- eaaf_modules/eaaf_module_moa-sig/pom.xml | 7 ++++++- eaaf_modules/eaaf_module_pvp2_core/pom.xml | 6 ++++++ eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 6 +++++- eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 6 +++++- pom.xml | 2 +- 7 files changed, 29 insertions(+), 5 deletions(-) diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml index f41463df..520884ea 100644 --- a/eaaf_core/pom.xml +++ b/eaaf_core/pom.xml @@ -37,6 +37,7 @@ org.springframework spring-webmvc + provided org.slf4j diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml index 9b237b78..482596a2 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml +++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml @@ -42,7 +42,11 @@ com.fasterxml.jackson.core jackson-databind - + + org.springframework + spring-webmvc + provided + javax.servlet javax.servlet-api diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml index b9dd49f6..eb2cdae8 100644 --- a/eaaf_modules/eaaf_module_moa-sig/pom.xml +++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml @@ -59,7 +59,12 @@ at.gv.egiz.eaaf eaaf_core_api - + + org.springframework + spring-webmvc + provided + + joda-time joda-time diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 32d66501..efc359aa 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -47,6 +47,12 @@ bcprov-jdk15on + + org.springframework + spring-webmvc + provided + + javax.servlet javax.servlet-api 
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml index cf833f67..b570c88a 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml @@ -19,7 +19,11 @@ eaaf_module_pvp2_core ${egiz.eaaf.version} - + + org.springframework + spring-webmvc + provided + javax.servlet javax.servlet-api diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index b936f307..cf2ac340 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml @@ -25,7 +25,11 @@ - + + org.springframework + spring-webmvc + provided + javax.servlet javax.servlet-api diff --git a/pom.xml b/pom.xml index c63b31c0..735c7b3d 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ 0.4 - 0.3 + 0.3.1 3.1.2 2.0.2 -- cgit v1.2.3 From 726e0837ca6cd9586f8b85aceca91487a9105216 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 25 Mar 2020 17:36:14 +0100 Subject: some codestyle changes --- .../eaaf/core/test/http/HttpClientFactoryTest.java | 25 +++++++++++----------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java index b2f0f80e..25bd3008 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java 
@@ -8,12 +8,6 @@ import java.security.KeyStoreException; import java.security.Provider; import java.security.cert.X509Certificate; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; -import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; - import org.apache.commons.lang3.RandomStringUtils; import org.apache.http.client.ClientProtocolException; import org.apache.http.client.methods.CloseableHttpResponse; @@ -29,6 +23,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import okhttp3.HttpUrl; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; @@ -110,7 +109,8 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, IOException, InterruptedException { + public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, + IOException, InterruptedException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("password"); config.setUsername("jUnit"); @@ -143,7 +143,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientBasicAuthNoUsername(){ + public void getCustomClientBasicAuthNoUsername() { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("password"); try { 
@@ -168,7 +168,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientX509AuthNoKeyStoreConfig(){ + public void getCustomClientX509AuthNoKeyStoreConfig() { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("ssl"); try { @@ -182,7 +182,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientX509AuthNoKeyPassword() throws EaafException{ + public void getCustomClientX509AuthNoKeyPassword() throws EaafException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("ssl"); config.buildKeyStoreConfig( @@ -261,7 +261,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientX509AuthWrongKeyPassword() throws EaafException{ + public void getCustomClientX509AuthWrongKeyPassword() throws EaafException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("ssl"); config.buildKeyStoreConfig( @@ -283,7 +283,8 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, ClientProtocolException, IOException { + public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, + ClientProtocolException, IOException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("ssl"); config.buildKeyStoreConfig( -- cgit v1.2.3 From a382287bb7f061bb2a26c095e8e17b324efcb4cf Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Thu, 26 Mar 2020 12:36:36 +0100 Subject: fix codestyle --- .../gv/egiz/eaaf/core/api/utils/IJsonMapper.java | 4 ++ .../impl/idp/process/ExecutionContextImpl.java | 2 + .../springweb/SpringWebExpressionEvaluator.java | 2 +- .../at/gv/egiz/eaaf/core/impl/utils/DomUtils.java | 3 + .../impl/idp/auth/EaafCoreMessageSourceTest.java | 8 +-- .../spring/test/SpringExpressionEvaluatorTest.java | 9 ++- .../java/at/gv/egiz/eaaf/core/api/IRequest.java | 8 ++- .../egiz/eaaf/core/api/idp/IAttributeBuilder.java | 4 +- .../eaaf/core/api/idp/IAttributeGenerator.java | 8 +-- .../at/gv/egiz/eaaf/core/api/idp/IAuthData.java | 3 +- .../gv/egiz/eaaf/core/api/idp/IConfiguration.java | 8 +-- .../eaaf/core/api/idp/IConfigurationWithSP.java | 7 ++- .../idp/auth/data/IAuthProcessDataContainer.java | 3 + .../eaaf/core/api/storage/ITransactionStorage.java | 6 +- .../auth/sl20/utils/SL20JsonBuilderUtils.java | 1 + .../auth/sl20/utils/SL20JsonExtractorUtils.java | 2 + .../pvp2/impl/builder/CitizenTokenBuilder.java | 6 +- .../impl/metadata/PvpMetadataResolverFactory.java | 19 ++++--- .../pvp2/test/PvpCoreMessageSourceTest.java | 8 +-- .../modules/pvp2/test/binding/PostBindingTest.java | 65 +++++++++++----------- .../pvp2/test/metadata/MetadataBuilderTest.java | 3 +- .../pvp2/idp/test/AuthenticationActionTest.java | 1 + .../modules/pvp2/idp/test/MetadataActionTest.java | 1 + 23 files changed, 108 insertions(+), 73 deletions(-) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java index a7e4f6fe..b3e0c88f 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java 
@@ -3,6 +3,8 @@ package at.gv.egiz.eaaf.core.api.utils; import java.io.IOException; import java.io.InputStream; +import com.google.gson.JsonParseException; + import at.gv.egiz.eaaf.core.exceptions.EaafJsonMapperException; public interface IJsonMapper { @@ -23,6 +25,7 @@ public interface IJsonMapper { * @param value the JSON string to deserialize * @param clazz optional parameter that determines the type of the returned * object. If not set, an {@link Object} is returned. + * @param Response class type * @return the deserialized JSON string as an object of type {@code clazz} or * {@link Object} * @throws JsonParseException if the JSON string contains invalid content. @@ -39,6 +42,7 @@ public interface IJsonMapper { * @param is the JSON to deserialize as {@link InputStream} * @param clazz optional parameter that determines the type of the returned * object. If not set, an {@link Object} is returned. + * @param Response class type * @return the deserialized JSON string as an object of type {@code clazz} or * {@link Object} * @throws JsonParseException if the JSON string contains invalid content. diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java index 27bc829d..3eff8a7b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java @@ -52,6 +52,8 @@ public class ExecutionContextImpl implements ExecutionContext { /** * Creates a new instance and associated it with a certain process instance. + * + * @param processInstanceId ProcessInstanceId for this execution context. */ public ExecutionContextImpl(final String processInstanceId) { this.processInstanceId = processInstanceId; 
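Review bot: The new `import com.google.gson.JsonParseException;` in IJsonMapper appears to exist only to resolve the `@throws JsonParseException` Javadoc tags in the two hunks below it; the method signatures are outside the hunks, so whether they actually declare that exception is not visible, but if they do not, the API interface now carries a Gson compile-time dependency for the sake of a doc link. Prefer the fully qualified name in the tag, `@throws com.google.gson.JsonParseException if the JSON string contains invalid content.`, or document the exception type the mapper contract surfaces to callers (EaafJsonMapperException is already imported), so the API does not commit every implementation to one JSON library. The rendered text also shows `@param Response class type` with no parameter of that name in the signature; if the file reads `@param <T> Response class type` this is only a rendering artefact, otherwise javadoc will report an unknown parameter, and the same tag is added in the IRequest, IAuthData, IConfigurationWithSP, IAuthProcessDataContainer and ITransactionStorage hunks further down.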
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java index afcc0a58..9ef88679 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java @@ -95,7 +95,7 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator { * @param delegate The original {@link ExpressionEvaluationContext} to be * delegated to for {@code ctx['foo']} expressions. */ - public SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) { + SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) { this.delegate = delegate; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java index e1a02c64..01b063aa 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java @@ -239,6 +239,7 @@ public class DomUtils { * the same way it is accepted by the * xsi:noNamespaceSchemaLocation * attribute. + * @param parserFeatures {@link Map} of features for XML parser * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. @@ -350,6 +351,7 @@ public class DomUtils { * decide what to do with parsing * errors. If null, it * will not be set. + * @param parserFeatures {@link Map} of features for XML parser * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. 
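Review bot: The new `@param parserFeatures {@link Map} of features for XML parser` tag in both DomUtils hunks says what the argument is but not what it can do to the parser's hardening; given the SAML and SL2.0 modules in this repository, DomUtils presumably parses XML received from remote parties, and a feature map that re-enables DTD or external-entity processing turns such a parser into an XXE sink. If the entries are applied on top of the method's own settings, as the name suggests, say so: `@param parserFeatures {@link Map} of SAX features applied after the parser's secure defaults; entries that enable DTD or external-entity processing must not be used for documents of untrusted origin`. The third DomUtils hunk on the next line has the same gap for `entityResolver`. The SpringWebExpressionEvaluator hunk narrows a previously public constructor to package-private; if the nested class itself is public this is a source-incompatible change that the "fix codestyle" subject does not advertise.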
@@ -622,6 +624,7 @@ public class DomUtils { * the same way it is accepted by the * xsi:noNamespaceSchemaLocation * attribute. + * @param entityResolver external entity resolver implemention * @return true, if the element validates against the * schemas declared in it. * @throws SAXException An error occurred parsing the document. diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java index a354b873..2fd25478 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java @@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.core.impl.idp.auth; import java.util.List; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; - import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; @@ -13,10 +11,12 @@ import org.springframework.core.io.ResourceLoader; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/eaaf_core.beans.xml", - "/SpringTest-context_eaaf_core.xml", - "/SpringTest-context_authManager.xml"}) + "/SpringTest-context_eaaf_core.xml", + "/SpringTest-context_authManager.xml"}) public class EaafCoreMessageSourceTest { @Autowired diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java index 7559fe85..4aa32360 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java 
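Review bot: The added line `* @param entityResolver external entity resolver implemention` misspells "implementation" and leaves the null case undocumented, which matters for a validation routine that may resolve external schema references; the neighbouring error-handler parameter in the previous DomUtils hunk spells out its null behaviour ("If null, it will not be set"), so this one should too. Suggest `* @param entityResolver resolver used for external references; if {@code null}, the parser's default resolution applies`, replacing the last clause with whatever the method actually does when null, since the body is outside the hunk.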
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java @@ -70,9 +70,12 @@ public class SpringExpressionEvaluatorTest { assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42")); assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10")); - assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue")); - assertFalse(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue")); - assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue")); + assertTrue(expressionEvaluator.evaluate(ctx, + "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue")); + assertFalse(expressionEvaluator.evaluate(ctx, + "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue")); + assertTrue(expressionEvaluator.evaluate(ctx, + "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue")); } } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java index 99541cd6..384446b8 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java @@ -87,9 +87,10 @@ public interface IRequest extends Serializable { * * @param key The specific identifier of the request-data object * @param clazz The class type which is stored with this key + * @param Response class type * @return The request-data object or null if no data is found with this key */ - T getRawData(String key, final Class clazz); + T getRawData(String key, Class clazz); /** * Store a generic data-object into pending request with a specific identifier. 
@@ -115,6 +116,7 @@ public interface IRequest extends Serializable { * Wrap the internal dataStorage map into a DAO. * * @param wrapper DOA to access SessionData + * @param Response class type * @return */ @Nonnull @@ -241,9 +243,11 @@ public interface IRequest extends Serializable { /** * Get get Service-Provider configuration which is associated with this request. * + * @param decorator Interface of the Service-Provider information DAO + * @param Response class type * @return Service-Provider configuration as object */ - T getServiceProviderConfiguration(final Class decorator); + T getServiceProviderConfiguration(Class decorator); /** * Indicates, if this pending-request is aborted by the user. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java index 9c451282..c490bd9c 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java @@ -24,8 +24,8 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public interface IAttributeBuilder { String getName(); - ATT build(final ISpConfiguration oaParam, final IAuthData authData, final IAttributeGenerator g) + ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException; - ATT buildEmpty(final IAttributeGenerator g); + ATT buildEmpty(IAttributeGenerator g); } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java index 072f76e6..9f3e35cc 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java 
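Review bot: The `@return` tag in the first IRequest hunk on this line is still empty after the Javadoc was extended with `@param Response class type`, so the wrapper method documents its type parameter but not what it returns; the same empty `@return` survives in the `buildStringAttribute` Javadoc of the IAttributeGenerator hunk on the next line. Since the surrounding text says the method wraps the internal dataStorage map into a DAO, `* @return the DAO instance of type {@code wrapper} backed by this request's data storage` would close the gap; confirm the wording against the implementation, which is outside the hunk.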
@@ -28,11 +28,11 @@ public interface IAttributeGenerator { * @param value value * @return */ - ATT buildStringAttribute(final String friendlyName, final String name, final String value); + ATT buildStringAttribute(String friendlyName, String name, String value); - ATT buildIntegerAttribute(final String friendlyName, final String name, final int value); + ATT buildIntegerAttribute(String friendlyName, String name, int value); - ATT buildLongAttribute(final String friendlyName, final String name, final long value); + ATT buildLongAttribute(String friendlyName, String name, long value); - ATT buildEmptyAttribute(final String friendlyName, final String name); + ATT buildEmptyAttribute(String friendlyName, String name); } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java index ca946496..62aa8852 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java @@ -166,9 +166,10 @@ public interface IAuthData { * * @param key Identifier for the generic data * @param clazz Type of the generic data + * @param Response class type * @return return the generic data of specific type, otherwise null */ - T getGenericData(String key, final Class clazz); + T getGenericData(String key, Class clazz); /** * Get bPK of the user. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java index b9ba9869..a4914f16 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java 
@@ -29,7 +29,7 @@ public interface IConfiguration { * @param key configuration key * @return configuration value or null if it is not found */ - String getBasicConfiguration(final String key); + String getBasicConfiguration(String key); /** * Get a configuration value from file based configuration. @@ -38,7 +38,7 @@ public interface IConfiguration { * @param defaultValue Default value if no value with this key is found * @return configuration value */ - String getBasicConfiguration(final String key, final String defaultValue); + String getBasicConfiguration(String key, String defaultValue); /** * Get a configuration value from file based configuration. @@ -47,7 +47,7 @@ public interface IConfiguration { * @return configuration value as {@link Boolean} or false if key * does not exist */ - boolean getBasicConfigurationBoolean(final String key); + boolean getBasicConfigurationBoolean(String key); /** * Get a configuration value from file based configuration. @@ -57,7 +57,7 @@ public interface IConfiguration { * @return configuration value as {@link Boolean} or defaultValue * if key does not exist */ - boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue); + boolean getBasicConfigurationBoolean(String key, boolean defaultValue); /** * Get the root directory of the configuration folder. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java index 1ab27e7f..cf8867b3 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java 
@@ -22,7 +22,7 @@ public interface IConfigurationWithSP extends IConfiguration { * error */ @Nullable - ISpConfiguration getServiceProviderConfiguration(final String uniqueID) throws EaafConfigurationException; + ISpConfiguration getServiceProviderConfiguration(String uniqueID) throws EaafConfigurationException; /** * Get a configuration entry for a specific Service Provider that is decorated @@ -32,12 +32,13 @@ public interface IConfigurationWithSP extends IConfiguration { * @param decorator Decorator that should be used to decorate the result. * This decorator has to be implement or extend the * {@link ISpConfiguration} interface + * @param Response class type * @return T or null if no SP configuration was found * @throws EaafConfigurationException In case of a Service-Provider loading * error */ @Nullable - T getServiceProviderConfiguration(String spIdentifier, final Class decorator) + T getServiceProviderConfiguration(String spIdentifier, Class decorator) throws EaafConfigurationException; /** @@ -49,7 +50,7 @@ public interface IConfigurationWithSP extends IConfiguration { * @param prefix Prefix of the configuration key * @return Map String/String without prefix, but never null */ - Map getBasicConfigurationWithPrefix(final String prefix); + Map getBasicConfigurationWithPrefix(String prefix); /** * Validate a URL if it it is allowed by configuration. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java index bb1a28bf..274f3f7f 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java 
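Review bot: In the first hunk `getServiceProviderConfiguration(String uniqueID)` keeps the parameter name `uniqueID` while the overload in the second hunk names the same value `spIdentifier`, and this commit otherwise normalises style; Java convention would also write the acronym as `uniqueId`. Aligning the two, `ISpConfiguration getServiceProviderConfiguration(String spIdentifier) throws EaafConfigurationException;`, makes the pair read as one API. The context line `Validate a URL if it it is allowed by configuration` in the last hunk carries a doubled "it".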
@@ -140,6 +140,8 @@ public interface IAuthProcessDataContainer { /** * Mark that the auth. process was done by an official representatives + * + * @param isOW Mark this data as Organwalter * */ void setOW(boolean isOW); @@ -182,6 +184,7 @@ public interface IAuthProcessDataContainer { * * @param key The specific identifier of the session-data object * @param clazz The class type which is stored with this key + * @param Response class type * @return The session-data object or null if no data is found with this key */ T getGenericDataFromSession(String key, Class clazz); diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java index 754ff9ac..f80fc967 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java @@ -70,10 +70,11 @@ public interface ITransactionStorage { * * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key + * @param Response class type * @return The transaction-data object from type class, or null * @throws EaafStorageException In case of load operation failed */ - T get(String key, final Class clazz) throws EaafException; + T get(String key, Class clazz) throws EaafException; /** * Get a data object from transaction storage. 
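Review bot: Both ITransactionStorage `get` overloads — the hunk at the end of this line and the one at the start of the next — declare `throws EaafException` while their Javadoc says `@throws EaafStorageException In case of load operation failed`; the tags were edited to add the type-parameter line but the mismatch was left, so the documented exception is not the declared one (if EaafStorageException is a subtype, the tag is still narrower than the contract). Either declare the specific type in the signature or change the tag to `@throws EaafException In case of load operation failed`. The IAuthProcessDataContainer hunk adds `@param isOW Mark this data as Organwalter`, a German term the rest of the English Javadoc never defines; a short gloss such as `@param isOW Mark this data as Organwalter (official representative)` would help non-German readers.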
@@ -81,10 +82,11 @@ public interface ITransactionStorage { * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key * @param dataTimeOut Data-object timeout in [ms] + * @param Response class type * @return The transaction-data object from type class, or null * @throws EaafStorageException In case of load operation failed */ - T get(String key, final Class clazz, long dataTimeOut) throws EaafException; + T get(String key, Class clazz, long dataTimeOut) throws EaafException; /** * Change the key of a data object and store it under the new key. diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java index eb17781b..d76f4aad 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java @@ -105,6 +105,7 @@ public class SL20JsonBuilderUtils { * @param name commando name * @param result commando result * @param encryptedResult encrypted commando result + * @param signer {@link JsonSecurityUtils} implementation * @return JWS in serialized form * @throws SlCommandoBuildException in case of an error * diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index eb6de461..40ea0430 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java 
@@ -63,6 +63,7 @@ public class SL20JsonExtractorUtils { * @param input JSON * @param keyID Element identifier * @param isRequired true, if the element must not null + * @param defaultValue in case of no existing element with key * @return Boolean * @throws SlCommandoParserException In case of an error */ @@ -269,6 +270,7 @@ public class SL20JsonExtractorUtils { * * @param container JSON * @param joseTools JWS implementation + * @param mustBeSigned Throw an error if the result was not signed * @return Signature verification result that contains the payLoad * @throws SlCommandoParserException In case of an error */ diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java index bf201803..1d6e3738 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java @@ -19,8 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; - import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.schema.XSInteger; @@ -30,6 +28,8 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder; import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.core.AttributeValue; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + /** * Build all attributes from PVP2 citizen-token. * @@ -73,6 +73,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name + * @param name attribute name * @param value Attributevalue * @return XML attribute */ 
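Review bot: The new tag `@param mustBeSigned Throw an error if the result was not signed` documents the failure mode but not the consequence of passing `false`: the method's return is described as a signature verification result carrying the payload, so with `mustBeSigned == false` a caller can receive a payload that was never authenticated and gets no prompt in the Javadoc to treat it accordingly. Suggest `@param mustBeSigned if {@code true}, an unsigned container is rejected with {@link SlCommandoParserException}; if {@code false}, the payload of an unsigned container is returned unverified and must be treated as untrusted`; the body is outside the hunk, so confirm that this is the actual behaviour. The `defaultValue` tag in the first hunk, `in case of no existing element with key`, would read better as `value returned when no element with {@code keyID} exists`.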
@@ -89,6 +90,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name + * @param name attribute name * @param value Attributevalue * @return XML attribute */ diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java index 0b505e56..d29f1a0e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java @@ -8,15 +8,6 @@ import javax.annotation.Nullable; import javax.annotation.PostConstruct; import javax.net.ssl.SSLHandshakeException; -import at.gv.egiz.components.spring.api.IDestroyableObject; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; - import org.apache.http.client.HttpClient; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver; 
@@ -30,6 +21,15 @@ import org.springframework.core.io.ResourceLoader; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; + +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; import net.shibboleth.utilities.java.support.resolver.ResolverException; @@ -90,6 +90,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject { * @param filter Filters, which should be used to validate the * metadata * @param idForLogging Id, which is used for Logging + * @param pool XML parser-pool to parse SAML2 Metadaten * @param httpClient Apache commons 4.x http client * * @return SAML2 Metadata Provider, or null if the metadata provider can not diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java index b94ed8cc..88106e5b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java 
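Review bot: The regrouped imports end with `+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;` immediately followed by the context line `import lombok.extern.slf4j.Slf4j;` with no separating blank line, so the project group runs straight into the lombok/net.shibboleth group, unlike the grouping this same commit applies in CitizenTokenBuilder and PostBindingTest; one added blank line after the last `at.gv.egiz` import would make the file consistent. In the Javadoc hunk, `@param pool XML parser-pool to parse SAML2 Metadaten` mixes in a German word and says nothing about how the pool must be configured, although the metadata it parses is fetched from remote endpoints (the class imports `HttpClient` and `SSLHandshakeException`); `@param pool XML parser pool used to parse the SAML2 metadata; it is expected to have DTD and external-entity processing disabled, as the metadata comes from remote sources` states the expectation, with the hardening itself presumably living where the pool is built.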
@@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.util.List; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; - import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; @@ -14,10 +12,12 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", -"/spring/test_eaaf_core_spring_config.beans.xml", -"/spring/eaaf_utils.beans.xml" }) + "/spring/test_eaaf_core_spring_config.beans.xml", + "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class PvpCoreMessageSourceTest { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java index ee601c73..2449c73c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java 
@@ -9,33 +9,6 @@ import java.util.Map;
import javax.xml.parsers.ParserConfigurationException;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
import org.apache.commons.io.IOUtils;
import
org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; 
@@ -69,6 +42,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
import
net.shibboleth.utilities.java.support.net.URIComparator; import net.shibboleth.utilities.java.support.xml.SerializeSupport; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -357,7 +356,8 @@ public class PostBindingTest { @Test public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException, - IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException { + IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, + UnmarshallingException, MarshallingException { final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post"; final String relayState = RandomStringUtils.randomAlphanumeric(10); @@ -369,7 +369,8 @@ public class PostBindingTest { issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/"); authnReq.setIssuer(issuer); - final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true); + final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject( + authnReq, credentialProvider.getMessageSigningCredential(), true); final Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn); final String b64AuthnReq = Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8")); 
@@ -404,7 +405,8 @@ public class PostBindingTest {
Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size());
final XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
- org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
+ org.springframework.util.Assert.isInstanceOf(
+ EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
final EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes());
Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty());
@@ -418,7 +420,8 @@ public class PostBindingTest {
Assert.assertEquals("Req. Attr. Value size", 1, eaafReqAttr.getAttributeValues().size());
org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0), "Wrong requested Attributes Value type");
- Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
+ Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF",
+ ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 8657bc60..5b09d50d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
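Review bot: The wrapped continuation line `+ ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());` keeps the cast without a following space, which google-java-format and the Checkstyle whitespace rules this commit otherwise satisfies would rewrite as `((XSString) eaafReqAttr.getAttributeValues().get(0)).getValue());`; the untouched context line above it, `(EaafRequestedAttributes) reqAttrs`, already uses the spaced form. Since the line is being touched anyway, fixing the cast here avoids a second style pass over the same test.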
@@ -159,7 +159,8 @@ public class MetadataBuilderTest { return entity; } - public static IPvpMetadataBuilderConfiguration idpMetadataConfig(IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) { + public static IPvpMetadataBuilderConfiguration idpMetadataConfig( + IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) { return new IPvpMetadataBuilderConfiguration() { @Override diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java index a88fa869..df5c15f8 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java @@ -39,6 +39,7 @@ public class AuthenticationActionTest { protected MockHttpServletRequest httpReq; protected MockHttpServletResponse httpResp; private PvpSProfilePendingRequest pendingReq; + /** * JUnit class initializer. * diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java index 8436a43d..51b4eaef 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java @@ -35,6 +35,7 @@ public class MetadataActionTest { protected MockHttpServletRequest httpReq; protected MockHttpServletResponse httpResp; private TestRequestImpl pendingReq; + /** * JUnit class initializer. * -- cgit v1.2.3 From c7bcb18c30f1a80e23c53bb72bee13d93210041b Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Thu, 26 Mar 2020 16:47:40 +0100 Subject: some more editorial changes --- .../impl/idp/auth/data/AuthProcessDataWrapper.java | 10 ++++----- .../test/credentials/EaafKeyStoreFactoryTest.java | 24 +++++++++++----------- .../modules/pvp2/test/QaaLevelVerifierTest.java | 20 +++++++++--------- .../modules/pvp2/test/binding/PostBindingTest.java | 4 +++- .../pvp2/test/dummy/DummyCredentialProvider.java | 9 ++++++-- .../pvp2/test/metadata/MetadataBuilderTest.java | 8 ++++++++ 6 files changed, 45 insertions(+), 30 deletions(-) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java index 30144546..8eef4a8e 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -28,21 +28,21 @@ import java.util.TimeZone; import javax.annotation.Nullable; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EaafAuthProcessDataConstants { private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class); - public final static String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; + public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; protected Map authProcessData; 
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index ed2e159b..cefb1e7e 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -7,17 +7,6 @@ import java.security.Provider; import java.security.cert.X509Certificate; import java.util.List; -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; - import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; 
@@ -35,6 +24,17 @@ import com.google.common.base.Optional; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; + +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @@ -325,7 +325,7 @@ public class EaafKeyStoreFactoryTest { keyStore.getFirst(), "notexist", "password".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred3); - //read priv. key + //read priv. key final Pair privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "meta", "wrong".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred4); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java index 44cdf111..c2530004 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java 
@@ -27,7 +27,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } try { @@ -35,7 +35,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -54,7 +54,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -69,7 +69,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode); @@ -80,7 +80,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -95,7 +95,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } try { @@ -103,7 +103,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode); @@ -113,7 +113,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } 
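Review bot: The added `Assert.assertNotNull("No errorMsg", e.getMessage());` in the catch block only checks that some message exists, so any QaaNotAllowedException still passes regardless of which LoA comparison rejected the input; the same one-line change is repeated in the hunks at -35, -54, -69, -80, -95, -103, -113, -128 and -139. If QaaNotAllowedException exposes an error code or the rejected LoA (not visible here), asserting on that value would pin which branch fired, e.g. `Assert.assertTrue("Wrong LoA in message", e.getMessage().contains(EaafConstants.EIDAS_LOA_LOW));`. Otherwise the non-null check adds little over the previous empty catch, and the `Assert.fail("LoA should not be allowed")` before it remains the only real guard. Each test method begins outside its hunk.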
@@ -128,7 +128,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode); @@ -139,7 +139,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java index 2449c73c..f14a9093 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java @@ -457,7 +457,9 @@ public class PostBindingTest { try { Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage()); - } catch (final RuntimeException e) { } + } catch (final RuntimeException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java index 7418e1b3..1fe9afcf 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java 
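Review bot: The try/catch around `Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());` in the PostBindingTest hunk at -457 still accepts both outcomes: JUnit's assertion failure is an AssertionError, which `catch (final RuntimeException e)` does not intercept, while a RuntimeException thrown by `getInboundMessage()` is now merely checked for a non-null message and the test passes either way. If the RuntimeException is the expected result, add `Assert.fail("Expected RuntimeException");` as the last statement inside the try so a silent success is reported; if it is not expected, drop the catch and let it propagate. The enclosing test method starts outside the hunk.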
@@ -1,13 +1,13 @@ package at.gv.egiz.eaaf.modules.pvp2.test.dummy; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; -import org.springframework.beans.factory.annotation.Autowired; - public class DummyCredentialProvider extends AbstractCredentialProvider { @Autowired IConfiguration basicConfig; @@ -49,6 +49,11 @@ public class DummyCredentialProvider extends AbstractCredentialProvider { } + /** + * Get Path to keystore. + * + * @return + */ public String getKeyStoreFilePath() { final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH); return path; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java index 5b09d50d..3cc0a908 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java @@ -159,6 +159,14 @@ public class MetadataBuilderTest { return entity; } + /** + * Dummy Metadata builder configuration. + * + * @param credentialProvider Credentialprovider + * @param buildSpInfos Sp metadata flag + * @param buildIdpInfos IDP metadata flag + * @return + */ public static IPvpMetadataBuilderConfiguration idpMetadataConfig( IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) { return new IPvpMetadataBuilderConfiguration() { -- cgit v1.2.3 
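Review bot: The new Javadoc on `getKeyStoreFilePath()` in the DummyCredentialProvider hunk at -49 has an empty `@return` tag, which Javadoc tooling flags and which tells the reader nothing; the same empty `@return` appears in the MetadataBuilderTest hunk at -159 for `idpMetadataConfig(...)`. The visible body returns whatever `basicConfig.getBasicConfiguration(KEYSTORE_PATH)` yields, so describe that contract: `@return keystore path read from the basic configuration under KEYSTORE_PATH (may be null if the property is not set)`, hedging the null case against the IConfiguration contract. For `idpMetadataConfig` something like `@return an anonymous IPvpMetadataBuilderConfiguration backed by the given credential provider` would do. Both methods continue outside their hunks.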
From fc360a112b7e4714edde1ad9bd44f6397b4e7449 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 31 Mar 2020 17:36:53 +0200
Subject: switch internal wbPK target-identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB

---
 .../eaaf/core/impl/idp/AuthenticationData.java | 12 +-
 .../builder/AbstractAuthenticationDataBuilder.java | 40 +--
 .../core/impl/idp/auth/builder/BpkBuilder.java | 159 ++++++----
 .../builder/attributes/BpkAttributeBuilder.java | 4 +
 .../attributes/EidSectorForIdAttributeBuilder.java | 5 +-
 .../idp/auth/AuthenticationDataBuilderTest.java | 110 +++++++
 .../attributes/AbstractAttributeBuilderTest.java | 2 +-
 .../auth/attributes/BpkAttributeBuilderTest.java | 123 ++++++++
 .../EidSectorForIdAttributeBuilderTest.java | 123 ++++++++
 .../core/impl/idp/auth/builder/BpkBuilderTest.java | 333 +++++++++++++++++++++
 .../gv/egiz/eaaf/core/api/data/EaafConstants.java | 32 ++
 11 files changed, 859 insertions(+), 84 deletions(-)
 create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java
 create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java
 create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index 7b7aaa36..677e3c46 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
@@ -27,15 +27,16 @@ import java.util.Date; import java.util.Map; import java.util.TimeZone; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; - import org.apache.commons.collections4.map.HashedMap; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; + /** * Service-Provider specific authentication data. * @@ -293,7 +294,8 @@ public class AuthenticationData implements IAuthData, Serializable { */ @Deprecated public void setBpkType(final String bpkType) { - this.bpkType = bpkType; + this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType); + } @Override diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 75b14489..c2f85fef 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java 
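Review bot: `setBpkType` in the hunk at -293 now rewrites its argument through `BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat` before storing it, so a caller that sets a FN/ZVR/ERSB wbPK target and reads `getBpkType()` back gets a different string (the XFN/XZVR/XERSB form); the Javadoc above the `@Deprecated` annotation sits outside the hunk and presumably still describes a plain setter. Add a sentence there such as `wbPK targets FN, ZVR and ERSB are stored in their XFN/XZVR/XERSB form`, and drop the stray blank line the hunk adds before the closing brace. This also makes the data class depend on the builder package; if that is a new direction of dependency it is worth a note in the commit message.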
@@ -26,6 +26,17 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Map.Entry; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; +import org.springframework.util.Base64Utils; +import org.w3c.dom.DOMException; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; @@ -49,17 +60,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.lang.NonNull; -import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; -import org.w3c.dom.DOMException; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder { private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); 
@@ -726,21 +726,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) { - // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal - // implementations - // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) && - // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(), - // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) { - // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " - // Starting - // attribute value correction ... "); - // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + - // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1); - // - // } - log.debug( - "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); - return pvpBpkTypeAttr; + log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); + return BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(pvpBpkTypeAttr); + } return null; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java index a613bd56..bb8355ad 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java 
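Review bot: The value returned here is the sector-for-identifier PVP attribute read on the preceding lines, passed through `normalizeBpkTargetIdentifierToCommonFormat`, which — judging by the BpkBuilder hunks of this commit — only rewrites known wbPK prefixes and returns anything else unchanged, and downstream code now treats the result as the authoritative bpkType. A one-line comment would make that boundary explicit: `// normalization only rewrites FN/ZVR/ERSB wbPK targets to the X-form; other values pass through unvalidated`. The `{}` placeholder style in the new `log.debug` is the right one; the concatenated `log.trace(... + targetIdentifier)` lines in the BpkBuilder hunk at -100 could follow it. The enclosing method begins and ends outside the hunk.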
@@ -25,20 +25,22 @@ import java.security.PrivateKey; import java.security.PublicKey; import java.text.SimpleDateFormat; import java.util.Date; +import java.util.Map.Entry; +import javax.annotation.Nullable; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.util.Base64Utils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; +import lombok.extern.slf4j.Slf4j; + /** * Builder for the bPK, as defined in @@ -47,9 +49,9 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; * "reference.e-government.gv.at". * */ +@Slf4j public class BpkBuilder { - private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class); - + /** * Calculates an area specific unique person-identifier from a baseID. * 
@@ -100,12 +102,17 @@ public class BpkBuilder { if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) { log.trace("Find baseID. Starting unique identifier caluclation for this target"); - if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID) - || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { - log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); + if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) { + log.trace("Calculate bPK identifier for target: " + targetIdentifier); return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); + } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + log.trace("Calculate wbPK identifier for target: " + targetIdentifier); + return Pair.newInstance(calculatebPKwbPK( + baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)), + normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier)); + } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { log.trace("Calculate eIDAS identifier for target: " + targetIdentifier); final String[] splittedTarget = targetIdentifier.split("\\+"); 
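Review bot: In the new wbPK branch the hash input uses `normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)` while the returned type uses `normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier)`; that pairing is the essence of the change (FN and XFN must derive the same identifier but be reported as XFN, as the AuthenticationDataBuilderTest hunk later asserts) and deserves a comment, e.g. `// hash over the legacy FN/ZVR/ERSB form so existing wbPKs stay stable; report the X-form as the type`. The two `log.trace("... identifier for target: " + targetIdentifier)` lines keep string concatenation where the rest of this commit moved to `{}` placeholders. The enclosing method starts and ends outside the hunk.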
@@ -144,51 +151,7 @@ public class BpkBuilder { } } - /** - * Builds the eIDAS from the given parameters. - * - * @param baseId baseID of the citizen - * @param baseIdType Type of the baseID - * @param sourceCountry CountryCode of that country, which build the eIDAs - * ID - * @param destinationCountry CountryCode of that country, which receives the - * eIDAs ID - * - * @return Pair eIDAs/bPKType in a BASE64 encoding - * @throws EaafBuilderException if some input data are not valid - */ - private static Pair buildEidasIdentifer(final String baseId, - final String baseIdType, final String sourceCountry, final String destinationCountry) - throws EaafBuilderException { - String bpk = null; - String bpkType = null; - // check if we have been called by public sector application - if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { - bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; - log.debug("Building eIDAS identification from: [identValue]+" + bpkType); - bpk = calculatebPKwbPK(baseId + "+" + bpkType); - - } else { // if not, sector identification value is already calculated by BKU - log.debug("eIDAS eIdentifier already provided by BKU"); - bpk = baseId; - } - - if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) - || StringUtils.isEmpty(destinationCountry)) { - throw new EaafBuilderException("builder.00", - new Object[] { "eIDAS-ID", - "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" - + destinationCountry + ", Ursprungsland=" + sourceCountry }, - "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" - + destinationCountry + ", Ursprungsland=" + sourceCountry); - } - - log.trace("eIDAS pseudonym generation finished. "); - final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk; - - return Pair.newInstance(eIdentifier, bpkType); - } /** * Create an encrypted bPK. 
@@ -264,6 +227,100 @@ public class BpkBuilder { } } + /** + * Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB. + * + *

If the target is not of this types the target will be returned as it is

+ * @param targetIdentifier bPK input target + * @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required + */ + @Nullable + public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) { + if (targetIdentifier != null + && !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) { + for (Entry mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) { + if (targetIdentifier.startsWith(mapper.getValue())) { + String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length()); + log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget); + return wbpkTarget; + + } + } + } + + return targetIdentifier; + } + + /** + * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB. + * + *

If the target is not of this types the target will be returned as it is

+ * + * @param targetIdentifier bPK input target + * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required + */ + @Nullable + public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) { + if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + for (Entry mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) { + if (targetIdentifier.startsWith(mapper.getKey())) { + String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length()); + log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget); + return wbpkTarget; + + } + } + } + + return targetIdentifier; + } + + /** + * Builds the eIDAS from the given parameters. + * + * @param baseId baseID of the citizen + * @param baseIdType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs + * ID + * @param destinationCountry CountryCode of that country, which receives the + * eIDAs ID + * + * @return Pair eIDAs/bPKType in a BASE64 encoding + * @throws EaafBuilderException if some input data are not valid + */ + private static Pair buildEidasIdentifer(final String baseId, + final String baseIdType, final String sourceCountry, final String destinationCountry) + throws EaafBuilderException { + String bpk = null; + String bpkType = null; + + // check if we have been called by public sector application + if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { + bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; + log.debug("Building eIDAS identification from: [identValue]+" + bpkType); + bpk = calculatebPKwbPK(baseId + "+" + bpkType); + + } else { // if not, sector identification value is already calculated by BKU + log.debug("eIDAS eIdentifier already provided by BKU"); + bpk = baseId; + } + + if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) + || 
StringUtils.isEmpty(destinationCountry)) { + throw new EaafBuilderException("builder.00", + new Object[] { "eIDAS-ID", + "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" + + destinationCountry + ", Ursprungsland=" + sourceCountry }, + "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" + + destinationCountry + ", Ursprungsland=" + sourceCountry); + } + + log.trace("eIDAS pseudonym generation finished. "); + final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk; + + return Pair.newInstance(eIdentifier, bpkType); + } + private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException { try { final MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java index 172d74a7..e18cc1a8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java @@ -84,12 +84,16 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder { Assert.isTrue(type != null, "bPKType is 'NULL'"); if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { return type.substring(EaafConstants.URN_PREFIX_WBPK.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { return type.substring(EaafConstants.URN_PREFIX_CDID.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { return type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); + } else { return type; + } } 
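Review bot: Both normalizers in the BpkBuilder hunk at -264 rewrite by prefix match against the entries of `EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER`, which is not visible here; if those keys and values end at the target name rather than at the following `+` delimiter, a target whose name merely starts with FN, ZVR or ERSB would be rewritten too, so either the new `BpkBuilderTest` should cover such a near-miss or the comparison should use `mapper.getValue() + "+"`. `normalizeBpkTargetIdentifierToCommonFormat` skips the loop when the identifier already starts with `URN_PREFIX_WBPK_TARGET_WITH_X` but, unlike its counterpart, does not first require `URN_PREFIX_WBPK`; presumably harmless because the mapper values carry that prefix, but a short comment would save the next reader the same question. In the moved `buildEidasIdentifer` the `EaafBuilderException` text embeds the computed `bpk`, a person-specific identifier, in a message that will typically be logged; reporting only which parameter was empty would be enough for diagnosis. The Javadoc sentence "If the target is not of this types the target will be returned as it is" would read better as "If the target is not one of these types, it is returned unchanged".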
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java index 3aedf9ab..48d7a3a3 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java @@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; @PvpMetadata public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { @@ -46,7 +47,9 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { } return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, - EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); + EID_SECTOR_FOR_IDENTIFIER_NAME, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype)); + } @Override diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java index 072dbb95..33bd1010 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java @@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream; import java.util.HashMap; import java.util.Map; +import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; 
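Review bot: The outbound sector attribute in the hunk at -46 is now built from `normalizeBpkTargetIdentifierToCalculationFormat(bpktype)`, i.e. the legacy FN/ZVR/ERSB form, while the inbound path in AbstractAuthenticationDataBuilder (hunk at -726) and `AuthenticationData.setBpkType` store the XFN/XZVR/XERSB form; the asymmetry looks deliberate but nothing in the code says so. Add a comment such as `// PVP consumers still expect the legacy FN/ZVR/ERSB target; internally the X-form is used` (confirm that this is the intended wire format), and the stray blank line before `}` is not needed. The enclosing build method starts outside the hunk.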
@@ -11,7 +12,11 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Base64Utils; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration; 
@@ -156,6 +161,111 @@ public class AuthenticationDataBuilderTest { } + @Test + public void buildAuthDataBpkTest() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map spConfigMap = new HashMap<>(); + spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "RwsSdKzmcbL5FKoADZx7/iUZANE=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", "urn:publicid:gv.at:cdid+ZP-MH", authData.getBpkType()); + + + } + + @Test + public void buildAuthDataWbpkTestWithoutXTarget() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map spConfigMap = new HashMap<>(); + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = 
authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType()); + + } + + @Test + public void buildAuthDataWbpkTestWithXTarget() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map spConfigMap = new HashMap<>(); + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType()); + + } + + @Test + public void buildAuthDataEidasTarget() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map spConfigMap = new HashMap<>(); + spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new 
ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_EIDAS + "AT+ES", authData.getBpkType()); + + } + private void buildAuthDataWithIdlOnly_2(final Boolean idlEscaptionFlag, final String givenName, final String familyName) throws Exception { IAuthData authData = null; diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java index 96e870ee..7092031f 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java @@ -130,7 +130,7 @@ public abstract class AbstractAttributeBuilderTest { protected IAttributeGenerator gen = new SimpleStringAttributeGenerator(); protected static DummySpConfiguration spConfig = null; - private static final Map spConfigMap = new HashMap<>(); + protected static final Map spConfigMap = new HashMap<>(); private static final TestRequestImpl pendingReq = new TestRequestImpl(); /** diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java new file mode 100644 index 00000000..1ad75abc --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java 
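Review bot: The four new tests repeat the same twelve-line fixture (TestRequestImpl, spConfigMap, DummySpConfiguration, AuthProcessDataWrapper loaded from DUMMY_IDL_2) and differ only in the `target` value and the two expected strings; a private helper `buildAuthDataForTarget(String target)` returning `IAuthData`, in the style of the existing `buildAuthDataWithIdlOnly_2` below, would reduce each test to the put, the call and the two assertions. `DUMMY_IDL_2.getBytes()` uses the platform charset; the content is Base64 text so it is harmless here, but `getBytes(StandardCharsets.UTF_8)` keeps the intent explicit. The `authData` locals could also be `final`, like every other declaration in the hunk.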
@@ -0,0 +1,123 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BpkAttributeBuilder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class BpkAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilde = new BpkAttributeBuilder(); + + @Test + public void performTestBpk() throws Exception { + spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong bPK", + "ZP-MH:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XFN+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XZVR+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkErsb() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i"); + + final IAuthData authData = buildAuthData(); + 
final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XERSB+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkOldFormFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XFN+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkOldFormZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XZVR+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkOldFormErsb() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XERSB+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestEidas() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong eIDAS bPK", + "AT+ES:" + authData.getBpk(), + value); + + } +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java new file mode 100644 index 00000000..204eea56 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java 
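Review bot: `attrBuilde` reads like a typo for `attrBuilder`, both here and in EidSectorForIdAttributeBuilderTest in the next file section. Both classes drive the builder by writing `target` into the `spConfigMap` that AbstractAttributeBuilderTest now exposes as `protected static final`, so the map is one JVM-wide instance shared across test classes and orderings; every test overwrites `target`, which keeps that key independent, but any other key a sibling subclass puts there leaks in, so a `@Before` that resets the entries this class relies on would make the isolation explicit rather than incidental. The eight methods all assert `"<target suffix>:" + authData.getBpk()` against `attrBuilde.build(spConfig, authData, gen)`; a helper `assertBpkFor(String target, String expectedPrefix)` would collapse them to one line each and keep the expected prefixes side by side.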
@@ -0,0 +1,123 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSectorForIdAttributeBuilder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class EidSectorForIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilde = new EidSectorForIdAttributeBuilder(); + + @Test + public void performTestBpk() throws Exception { + spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong bPK target", + "urn:publicid:gv.at:cdid+ZP-MH", + value); + + } + + @Test + public void performTestWbpkFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + value); + + } + + @Test + public void performTestWbpkZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i", + value); + + } + + @Test + public void performTestWbpkErsb() throws Exception { + spConfigMap.put("target", 
EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i", + value); + + } + + @Test + public void performTestWbpkOldFormFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + value); + + } + + @Test + public void performTestWbpkOldFormZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i", + value); + + } + + @Test + public void performTestWbpkOldFormErsb() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i", + value); + + } + + @Test + public void performTestEidas() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong eIDAS bPK target", + EaafConstants.URN_PREFIX_EIDAS + "AT+ES", + value); + + } +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java new file mode 100644 index 00000000..0ca8ca53 --- /dev/null 
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java 
@@ -0,0 +1,333 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.builder; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +@RunWith(BlockJUnit4ClassRunner.class) +public class BpkBuilderTest { + + private static final String BASEID = "RUxHQVRlc3RQQjBYWFjFkHpnw7xyX1hYWFTDvHpla8OnaQ=="; + + + @Test + public void noBaseId() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(null, EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void noTarget() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, null); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void noBaseIdType() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + null, EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void wrongBaseIdType() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + EaafConstants.URN_PREFIX_CDID + "BB", EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void baseIdTypeEqualsTarget() throws EaafBuilderException { + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + EaafConstants.URN_PREFIX_CDID + "AA", EaafConstants.URN_PREFIX_CDID + "AA"); + + Assert.assertEquals("first bPK", BASEID, + result1.getFirst()); + Assert.assertEquals("first bPK", 
"urn:publicid:gv.at:cdid+AA", + result1.getSecond()); + + } + + @Test + public void buildBpk() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_CDID + "AA"); + Pair result2 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_CDID + "BB"); + + Assert.assertEquals("first bPK", "b1Ip610zZq/Or/uCqgb51lnAdZM=", + result1.getFirst()); + Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA", + result1.getSecond()); + + Assert.assertEquals("second bPK", "uYst6hjKJvyp7s/ezD8zsnkcj9k=", + result2.getFirst()); + Assert.assertEquals("second bPK", "urn:publicid:gv.at:cdid+BB", + result2.getSecond()); + + } + + @Test + public void buildWbpkFn() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i", + result1.getSecond()); + + } + + @Test + public void buildWbpkZvr() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "ZVR+123456"); + + Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkErsb() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "ERSB+123456"); + + Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkXFn() throws EaafBuilderException { + + Pair result1 = 
BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i", + result1.getSecond()); + + } + + @Test + public void buildWbpkXZvr() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XZVR+123456"); + + Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkXErsb() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XERSB+123456"); + + Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkOthers() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XABC+123456"); + + Assert.assertEquals("wbPK", "wv96/xKUyi6YoYGv7IcIlFTsJIk=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XABC+123456", + result1.getSecond()); + + } + + @Test + public void buildEidasId() throws EaafBuilderException { + + Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + Assert.assertEquals("eidas", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:eidasid+AT+ES", + result1.getSecond()); + + } + + @Test + public void normalizeNullTarget() { + Assert.assertNull("Wrong normalized target", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(null)); + + } + + @Test 
+ public void normalizeBpkTarget() { + String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithX() { + String target = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithOutXNoMapping() { + String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingFn() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingZvr() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455")); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingErsb() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544")); + + } + + @Test + public void normalizeEidasTarget() { + String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2) + + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + 
@Test + public void calcNormalizeNullTarget() { + Assert.assertNull("Wrong normalized target", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(null)); + + } + + @Test + public void calcNormalizeBpkTarget() { + String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + + } + + @Test + public void calcNormalizeWbpkTargetWithoutX() { + + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); + + } + + @Test + public void calcNormalizeWbpkTargetWithOutXNoMapping() { + String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingFn() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XFN+123456i")); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingZvr() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455")); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingErsb() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544")); + + } + + @Test + public void calcNormalizeEidasTarget() { + String target = EaafConstants.URN_PREFIX_EIDAS + 
RandomStringUtils.randomAlphabetic(2) + + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + + } + +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java index 4bd5bc39..57375e01 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java @@ -19,6 +19,10 @@ package at.gv.egiz.eaaf.core.api.data; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.Map; + public class EaafConstants { public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8"; 
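Review bot: The negative tests `noBaseId`, `noTarget`, `noBaseIdType` and `wrongBaseIdType` pass silently when `generateAreaSpecificPersonIdentifier` throws nothing, because the only assertion sits inside the `catch`; add `Assert.fail("No EaafBuilderException thrown");` directly after the call in each `try`, or switch to `@Test(expected = EaafBuilderException.class)` if the errorId check can be dropped. The second assertion in `baseIdTypeEqualsTarget` and `buildBpk` reuses the message "first bPK" for the target check, and `buildEidasId` labels its target assertion "wbPK"; distinct messages make a failing run readable. The `Pair` declarations appear without type arguments in this rendering; if that is only the page stripping `<String, String>` ignore this, otherwise they should be parameterized.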
@@ -51,6 +55,34 @@ public class EaafConstants { public static final String URN_PREFIX_EIDAS = URN_PREFIX_WITH_COLON + URN_PART_EIDAS; public static final String URN_PREFIX_OW_BPK = URN_PREFIX_CDID + "OW"; + public static final String URN_PREFIX_WBPK_TARGET_WITH_X = EaafConstants.URN_PREFIX_WBPK + "X"; + private static final String WBPK_TARGET_FN = "FN"; + private static final String WBPK_TARGET_ZVR = "ZVR"; + private static final String WBPK_TARGET_ERSB = "ERSB"; + + private static final String URN_PREFIX_WBPK_TARGET_XFN_TARGET = + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_FN; + private static final String URN_PREFIX_WBPK_TARGET_XZVR_TARGET = + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ZVR; + private static final String URN_PREFIX_WBPK_TARGET_XERSB_TARGET = + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ERSB; + + private static final String URN_PREFIX_WBPK_TARGET_FN_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_FN; + private static final String URN_PREFIX_WBPK_TARGET_ZVR_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ZVR; + private static final String URN_PREFIX_WBPK_TARGET_ERSB_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ERSB; + + public static final Map URN_WBPK_TARGET_X_TO_NONE_MAPPER; + + static { + final Map intMap = new LinkedHashMap<>(); + intMap.put(URN_PREFIX_WBPK_TARGET_XFN_TARGET, URN_PREFIX_WBPK_TARGET_FN_TARGET); + intMap.put(URN_PREFIX_WBPK_TARGET_XZVR_TARGET, URN_PREFIX_WBPK_TARGET_ZVR_TARGET); + intMap.put(URN_PREFIX_WBPK_TARGET_XERSB_TARGET, URN_PREFIX_WBPK_TARGET_ERSB_TARGET); + URN_WBPK_TARGET_X_TO_NONE_MAPPER = Collections.unmodifiableMap(intMap); + + } + + // Authentication process data_constants public static final String UNIQUESESSIONIDENTIFIER = "eaaf_uniqueSessionIdentifier"; public static final String AUTH_DATA_CREATED = "eaaf_authdata_created"; -- cgit v1.2.3 From ccef126ae469181b9a4a15ea16d0ab0ffa22621e Mon Sep 17 00:00:00 2001 
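Review bot: `URN_PREFIX_WBPK_TARGET_WITH_X` and `URN_WBPK_TARGET_X_TO_NONE_MAPPER` become public API of the constants class without Javadoc, and the direction of the map (key = `X` form, value = plain form) is only discoverable from the static initializer; a short Javadoc on the map such as `/** Maps wbPK target URNs in common format (with X prefix, e.g. wbpk+XFN) to calculation format (without X, e.g. wbpk+FN); unmodifiable, insertion ordered. */` would fix that. The `EaafConstants.` qualifier on self-references inside the class is redundant and differs from the neighbouring constants (`URN_PREFIX_CDID + "OW"`). `Collections.unmodifiableMap` over a `LinkedHashMap` is fine; `Map.of` would be shorter but only if the module targets Java 9+, which the hunk does not show.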
From: Thomas Lenz Date: Tue, 31 Mar 2020 18:15:49 +0200 Subject: change default SSLContext factory to Apache HTTP-Client based version --- .../eaaf/core/impl/http/HttpClientFactory.java | 59 +++++++++------------- 1 file changed, 24 insertions(+), 35 deletions(-) diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java index 58d7e7b2..00d5891a 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java @@ -1,7 +1,6 @@ package at.gv.egiz.eaaf.core.impl.http; import java.security.KeyStore; -import java.security.NoSuchAlgorithmException; import java.util.HashMap; import java.util.Map; @@ -35,12 +34,12 @@ import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.protocol.HttpContext; +import org.apache.http.ssl.SSLContexts; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import lombok.extern.slf4j.Slf4j; @@ -53,8 +52,6 @@ public class HttpClientFactory implements IHttpClientFactory { @Autowired private EaafKeyStoreFactory keyStoreFactory; - private static final String ERROR_03 = "internal.httpclient.03"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = "client.http.connection.pool.use"; public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = 
@@ -238,43 +235,35 @@ public class HttpClientFactory implements IHttpClientFactory { private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig) throws EaafException { SSLContext sslContext = null; - try { - if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) { - log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType()); - final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig()) - .getFirst(); - - log.trace("Injecting SSL client-authentication into http client ... "); - sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore, - httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(), - httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName()); - - } else { - log.trace("Initializing default SSL Context ... "); - sslContext = SSLContext.getDefault(); - - } + if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) { + log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType()); + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig()) + .getFirst(); - // set hostname verifier - HostnameVerifier hostnameVerifier = null; - if (httpClientConfig.isDisableHostnameValidation()) { - hostnameVerifier = new NoopHostnameVerifier(); - log.warn("HTTP client-builder deactivates SSL Host-name verification!"); + log.trace("Injecting SSL client-authentication into http client ... 
"); + sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore, + httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(), + httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName()); - } - - final LayeredConnectionSocketFactory sslSocketFactory = - new SSLConnectionSocketFactory(sslContext, hostnameVerifier); - log.debug("HTTP client-builder successfuly initialized"); - return sslSocketFactory; + } else { + log.trace("Initializing default SSL Context ... "); + sslContext = SSLContexts.createDefault(); + + } - } catch (final NoSuchAlgorithmException e) { - log.warn("HTTP client-builder can NOT initialze SSL-Context", e); - throw new EaafFactoryException(ERROR_03, new Object[] { - httpClientConfig.getFriendlyName(), e.getMessage()}, e); + // set hostname verifier + HostnameVerifier hostnameVerifier = null; + if (httpClientConfig.isDisableHostnameValidation()) { + hostnameVerifier = new NoopHostnameVerifier(); + log.warn("HTTP client-builder deactivates SSL Host-name verification!"); } + final LayeredConnectionSocketFactory sslSocketFactory = + new SSLConnectionSocketFactory(sslContext, hostnameVerifier); + log.debug("HTTP client-builder successfuly initialized"); + return sslSocketFactory; + } private void injectDefaultConnectionPoolIfRequired( -- cgit v1.2.3 From bada55e1a4ee92bc05d55950836942ed6c3e97f6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 1 Apr 2020 09:05:40 +0200 Subject: fix wrong format in case of encrypted wbPKs --- .../core/impl/idp/auth/builder/BpkBuilder.java | 57 ++++++---- .../messages/eaaf_core_messages.properties | 5 +- .../core/impl/idp/auth/builder/BpkBuilderTest.java | 122 ++++++++++++++++++++- 3 files changed, 161 insertions(+), 23 deletions(-) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java index bb8355ad..fed4af32 100644 
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java @@ -52,6 +52,8 @@ import lombok.extern.slf4j.Slf4j; @Slf4j public class BpkBuilder { + private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI"; + /** * Calculates an area specific unique person-identifier from a baseID. * @@ -157,7 +159,7 @@ public class BpkBuilder { * Create an encrypted bPK. * * @param bpk unencrypted bPK - * @param target bPK target + * @param target bPK target in full form * @param publicKey Public-Key used for encryption * @return encrypted bPK * @throws EaafBuilderException In case of an error @@ -165,12 +167,17 @@ public class BpkBuilder { public static String encryptBpk(final String bpk, String target, final PublicKey publicKey) throws EaafBuilderException { final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); - if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) { - target = target.substring(EaafConstants.URN_PREFIX_CDID.length()); + + if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) { + throw new EaafBuilderException("builder.32", + null, ERROR_MSG_WRONG_TARGET_FORMAT); + } + + target = normalizeBpkTargetIdentifierToCalculationFormat(target); final String input = - "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date()); + "V1::" + target + "::" + bpk + "::" + sdf.format(new Date()); // System.out.println(input); byte[] result; try { 
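Review bot: `target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)` dereferences `target` before any check, so a null target now fails with a `NullPointerException` instead of the `builder.32` `EaafBuilderException` the guard was added for; the same applies to the guard in `decryptBpk` in the next hunk. `if (target == null || !target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {` covers both. The commented-out `// System.out.println(input);` sits next to the plaintext bPK and is one uncomment away from writing a personal identifier to stdout; it should be deleted rather than carried along. `SimpleDateFormat` is created per call, which is thread-safe as written; a `static final DateTimeFormatter` would be the modern form if the file already uses java.time, which is not visible here.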
@@ -190,17 +197,23 @@ public class BpkBuilder { * Decrypt an encrypted bPK. * * @param encryptedBpk encrypted bPK - * @param target bPK target + * @param target bPK target in full form * @param privateKey private-key for decryption - * @return bPK + * @return bPK Pair consists of (unique person identifier for this target, + * targetArea) but never null * @throws EaafBuilderException In case of an error */ - public static String decryptBpk(final String encryptedBpk, String target, + public static Pair decryptBpk(final String encryptedBpk, String target, final PrivateKey privateKey) throws EaafBuilderException { String decryptedString; + + if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) { + throw new EaafBuilderException("builder.32", + null, ERROR_MSG_WRONG_TARGET_FORMAT); + + } + try { - // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, - // "ISO-8859-1"); final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1")); final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); decryptedString = new String(decryptedBytes, "ISO-8859-1"); 
@@ -210,20 +223,24 @@ public class BpkBuilder { } - String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1); - final String sector = tmp.substring(0, tmp.indexOf("::")); - tmp = tmp.substring(tmp.indexOf("::") + 2); - final String bPK = tmp.substring(0, tmp.indexOf("::")); - - if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) { - target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length()); + String[] parts = decryptedString.split("::"); + if (parts.length != 4) { + log.trace("Encrypted bPK has value: {}", decryptedString); + throw new EaafBuilderException("builder.31", new Object[] {parts.length}, + "encBpk has a suspect format"); + } + + final String sector = parts[1]; + final String bPK = parts[2]; - if (target.equals(sector)) { - return bPK; + if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) { + return Pair.newInstance(bPK, target); + } else { - log.error("Decrypted bPK does not match to request bPK target."); - return null; + throw new EaafBuilderException("builder.30", new Object[] {sector, target}, + "Decrypted bPK-target does not match"); + } } diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties index 1916a7fc..064554b9 100644 --- a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties +++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties @@ -1,6 +1,7 @@ eaaf.core.00=Requested URL: {0} is NOT allowed by configuration. builder.08=Authentication process could NOT completed. Reason: {0} - - +builder.30=Decrypted bPK target: {0} does not match to required target: {1} +builder.31=Encrypted bPK has a suspect format and consists of #{0} elements +builder.32=bPK-target format must be full URI 
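Review bot: `log.trace("Encrypted bPK has value: {}", decryptedString)` writes the decrypted plaintext — which contains the person-specific bPK — into the log whenever the format check fails, so a trace-level log collector ends up holding the identifier the encryption exists to protect; logging only the part count, e.g. `log.trace("Decrypted bPK consists of {} elements instead of 4", parts.length)`, gives the same diagnostic without the data. The comparison `target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))` normalizes the decrypted sector but not the caller-supplied target, whereas encryptBpk normalizes its target before use; if the common-format normalizer is not idempotent on already-normalized input this is fine, but otherwise a caller passing the non-common form to decryptBpk gets builder.30 for a matching target, so `target = normalizeBpkTargetIdentifierToCommonFormat(target);` before the comparison (and returning that value in the Pair) would be symmetric with the encrypt side — worth confirming against the normalizer's behaviour. decryptBpk's signature and the try block start in the hunk above.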
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java index 0ca8ca53..64c13781 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java @@ -1,7 +1,14 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.builder; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.BlockJUnit4ClassRunner; 
@@ -15,6 +22,118 @@ public class BpkBuilderTest { private static final String BASEID = "RUxHQVRlc3RQQjBYWFjFkHpnw7xyX1hYWFTDvHpla8OnaQ=="; + private KeyPair keyPair; + + + /** + * jUnit test initializer. + * @throws NoSuchProviderException In case of an error + * @throws NoSuchAlgorithmException In case of an error + */ + @Before + public void initialize() throws NoSuchAlgorithmException, NoSuchProviderException { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); + keyPair = keyGen.generateKeyPair(); + + } + + @Test + public void encBpkWrongTarget() throws InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = RandomStringUtils.randomAlphanumeric(25); + + try { + BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId()); + + } + } + + @Test + public void decBpkWrongTarget() throws InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = RandomStringUtils.randomAlphanumeric(25); + + try { + BpkBuilder.decryptBpk(bpk, target, keyPair.getPrivate()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId()); + + } + } + + @Test + public void decBpkWrongTargetInEncBpk() throws InvalidKeyException, EaafBuilderException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + try { + BpkBuilder.decryptBpk(encBpk, + EaafConstants.URN_PREFIX_CDID + "BB", keyPair.getPrivate()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.30", e.getErrorId()); + + } + } + + @Test + public void encBpkSuccess() throws 
EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond()); + + } + + @Test + public void encWbpkSuccess() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond()); + + } + + @Test + public void encWbpkSuccessSecond() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_WBPK + "FN+123456i"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair decBpk = BpkBuilder.decryptBpk(encBpk, + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", decBpk.getSecond()); + + } + @Test public void noBaseId() { 
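Review bot: `KeyPairGenerator.getInstance("RSA")` in initialize() is used without `keyGen.initialize(2048)`, so the key size depends on the provider default and the tests exercise a different ciphertext length on different JDKs; pinning the size keeps the encBpk round-trip deterministic across build environments. The builder.31 path (decrypted plaintext with the wrong number of `::` elements) has no test, and decBpkWrongTarget never reaches decryption because the target guard fires on the random target first, so the "suspect format" branch is currently unverified; a test that encrypts a bpk containing `::` and expects builder.31 on decrypt would cover it with the existing key pair. The test class body continues outside the hunk.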
@@ -316,7 +435,8 @@ public class BpkBuilderTest { public void calcNormalizeWbpkTargetWithXMappingErsb() { Assert.assertEquals("Wrong normalized target", EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544", - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544")); + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat( + EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544")); } -- cgit v1.2.3 From 5945c62128c2cb9d552ad7b4c085c09d046d2d56 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 1 Apr 2020 17:22:28 +0200 Subject: switch to next release version 1.1.1 --- eaaf_core/pom.xml | 2 +- eaaf_core_api/pom.xml | 2 +- eaaf_core_utils/pom.xml | 2 +- eaaf_modules/eaaf_module_auth_sl20/pom.xml | 2 +- eaaf_modules/eaaf_module_moa-sig/pom.xml | 2 +- eaaf_modules/eaaf_module_pvp2_core/pom.xml | 2 +- eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 2 +- eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 2 +- eaaf_modules/pom.xml | 2 +- pom.xml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml index 520884ea..4ee46149 100644 --- a/eaaf_core/pom.xml +++ b/eaaf_core/pom.xml @@ -4,7 +4,7 @@ at.gv.egiz eaaf - 1.1.1-SNAPSHOT + 1.1.1 at.gv.egiz.eaaf diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml index 7f688734..5da7ad89 100644 --- a/eaaf_core_api/pom.xml +++ b/eaaf_core_api/pom.xml @@ -7,7 +7,7 @@ at.gv.egiz eaaf - 1.1.1-SNAPSHOT + 1.1.1 at.gv.egiz.eaaf eaaf_core_api diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index 7cf6a266..eb65b01e 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -7,7 +7,7 @@ at.gv.egiz eaaf - 1.1.1-SNAPSHOT + 1.1.1 at.gv.egiz.eaaf eaaf_core_utils diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml index 482596a2..c113ef98 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml +++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml 
@@ -6,7 +6,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.1-SNAPSHOT + 1.1.1 eaaf_module_auth_sl20 Generic SL2.0 authentication diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml index eb2cdae8..aa63b3c3 100644 --- a/eaaf_modules/eaaf_module_moa-sig/pom.xml +++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml @@ -5,7 +5,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.1-SNAPSHOT + 1.1.1 eaaf_module_moa-sig MOA-Sig signature verification module diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index efc359aa..253d0afb 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -7,7 +7,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.1-SNAPSHOT + 1.1.1 eaaf_module_pvp2_core eaaf_module_pvp2_core diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml index b570c88a..e8fb2acc 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml @@ -5,7 +5,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.1-SNAPSHOT + 1.1.1 eaaf_module_pvp2_idp eaaf_module_pvp2_idp diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index cf2ac340..3b661c7b 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml @@ -5,7 +5,7 @@ at.gv.egiz.eaaf eaaf_modules - 1.1.1-SNAPSHOT + 1.1.1 eaaf_module_pvp2_sp eaaf_module_pvp2_sp diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml index 3addb4b5..84f4163d 100644 --- a/eaaf_modules/pom.xml +++ b/eaaf_modules/pom.xml @@ -4,7 +4,7 @@ at.gv.egiz eaaf - 1.1.1-SNAPSHOT + 1.1.1 at.gv.egiz.eaaf diff --git a/pom.xml b/pom.xml index 735c7b3d..0bcde9ed 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ 4.0.0 at.gv.egiz eaaf - 1.1.1-SNAPSHOT + 1.1.1 pom EGIZ EAAF components -- cgit v1.2.3